Install a self-generated CA certificate into Linux OS
To trust a self-generated CA on a client system, use the following steps.
Retrieve CA certificate from server
Copy the CA certificate using a browser
Click the lock icon beside the browser's address bar, then view certificates.
Copy from server
The self-generated CA certificate can normally be found on the server, such as
Run a command to retrieve it from the service
The following command prints the CA certificate; remove unnecessary lines, such as DONE, if any.
Note: I haven't validated the certificate retrieved using this method.
openssl s_client -showcerts -connect [server_address]:[port] < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
Install CA certificate
Copy the CA certificate, such as xxxx.ca.crt, into the /usr/local/share/ca-certificates directory, run the update-ca-certificates command to update the system CA store, then restart the impacted service.
cp <xxxx.ca.crt> /usr/local/share/ca-certificates
update-ca-certificates
systemctl restart <service>
Run the following command; it should return 0 (ok) as below.
openssl s_client -connect server_address:443 -CApath /etc/ssl/certs
...
Verify return code: 0 (ok)
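The s_client -showcerts command above prints every certificate the server sends, server (leaf) certificate first, and the root CA may not be among them, so the saved output should be checked before anything is copied into the trust store. The following is an added example, not part of the original page: a shell function that picks the self-issued CA certificate out of such a bundle and prints its SHA-256 fingerprint for comparison against a value obtained from the CA's administrator. The function name extract_root_ca and the file names are assumptions made for illustration.

```sh
# extract_root_ca BUNDLE OUT   (hypothetical helper, not from the original page)
# Writes the first self-issued CA certificate found in BUNDLE to OUT and prints
# its SHA-256 fingerprint. Returns 1 when the bundle contains no such certificate.
extract_root_ca() {
    bundle=$1
    out=$2
    tmpdir=$(mktemp -d) || return 2
    # Split the bundle into one file per BEGIN/END block: cert-1.pem, cert-2.pem, ...
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = dir "/cert-" n ".pem" }
        f != ""                       { print > f }
        /-----END CERTIFICATE-----/   { close(f); f = "" }
    ' "$bundle"
    rc=1
    i=1
    while [ -f "$tmpdir/cert-$i.pem" ]; do
        c="$tmpdir/cert-$i.pem"
        subject=$(openssl x509 -in "$c" -noout -subject | sed 's/^subject= *//')
        issuer=$(openssl x509 -in "$c" -noout -issuer | sed 's/^issuer= *//')
        # A root CA is issued to itself and carries basicConstraints CA:TRUE;
        # a server (leaf) certificate fails at least one of these two checks.
        if [ "$subject" = "$issuer" ] &&
           openssl x509 -in "$c" -noout -text | grep -q 'CA:TRUE'; then
            cp "$c" "$out"
            openssl x509 -in "$c" -noout -fingerprint -sha256 | cut -d= -f2
            rc=0
            break
        fi
        i=$((i + 1))
    done
    rm -rf "$tmpdir"
    return "$rc"
}

# Usage (constructed file names): save the s_client output to chain.pem, then
#   extract_root_ca chain.pem xxxx.ca.crt
# and install xxxx.ca.crt only if the printed fingerprint matches the expected one.
```

A non-zero return means the server sent only its own certificate, in which case the CA certificate has to be copied from the server or the browser instead.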