08 Sep 2020
SSL certificates work on a structure regarded as the “chain of trust.” It’s a chain of certificates starting from the certificate authority (CA).
Given a CA certificate file foo.crt
, follow these steps to install it on Ubuntu:
Create a directory for extra CA certificates in /usr/share/ca-certificates
:
sudo mkdir /usr/share/ca-certificates/extra
Copy the CA .crt
file to this directory:
sudo cp foo.crt /usr/share/ca-certificates/extra/foo.crt
Let Ubuntu add the .crt
file’s path relative to /usr/share/ca-certificates
to /etc/ca-certificates.conf
:
sudo dpkg-reconfigure ca-certificates
To do this non-interactively, run:
sudo update-ca-certificates
In case of a .pem
file on Ubuntu, it must first be converted to a .crt
file:
openssl x509 -in foo.pem -inform PEM -out foo.crt