HOW TO INSTALL TRUSTED SSL CERTIFICATE IN DEBIAN
#################################################

# All of the active certs sit in /etc/ssl/certs.
# By default the process involves putting the certs in /usr/local/share/ca-certificates (you can use subfolders there; note that this folder comes from installing the ca-certificates package), then running update-ca-certificates, which runs through any new certs and adds them to /etc/ssl/certs via symlinks. There is also a concatenation of every cert in a single file called /etc/ssl/certs/ca-certificates.crt (I just let update-ca-certificates manage that file, so don't worry about it).

# The other interesting folder that the ca-certificates package installs is /usr/share/ca-certificates (this is where all of the preinstalled certs from GoDaddy, Verisign and the like are kept).

# What should you put in /usr/local/share/ca-certificates folder?
# Trusted certificates, intermediate certificates, and self-signed certificates (your self-signed certificates also act as root certificates).

# Although you can manually add your trusted SSL cert to your system, it's best to just run update-ca-certificates and follow the process below (read the man page of update-ca-certificates to find out how to do manually what update-ca-certificates does).

### INSTALLING CA-CERTIFICATES ###

# First make sure you have the ca-certificates package (this preinstalls a lot of the worldwide trusted certificates like GoDaddy, Verisign, etc.; it also installs the update-ca-certificates command, which can only be run by root/sudo).

apt-get install ca-certificates

# Also, if you use Java, you might as well install ca-certificates-java (or it should be installed by default with Java).

apt-get install ca-certificates-java

# This installs the script /etc/ca-certificates/update.d/jks-keystore, which runs automatically after every run of update-ca-certificates (note that any script in the update.d folder runs at the end, before update-ca-certificates exits).

# To add a trusted certificate:
# Do not put it in /usr/share/ca-certificates (I noticed that's where the default ones are).

#### WITHOUT SUBFOLDER ###

# Let's assume our cert is ~/myrootcert.crt (myrootcert.crt sitting in the home folder of the current user).
# You can simply run:
sudo cp ~/myrootcert.crt /usr/local/share/ca-certificates
sudo update-ca-certificates

#### WITH SUBFOLDER - more organized ###

# Or you can make a folder for it (so you can put future certificates there if you need to).

sudo mkdir /usr/local/share/ca-certificates/mycerts
sudo cp ~/myrootcert.crt /usr/local/share/ca-certificates/mycerts/
sudo update-ca-certificates
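
# Added example (not part of the original notes): a pre-flight check for the steps above. update-ca-certificates only picks up files whose name ends in .crt, and it expects PEM with one certificate per file, so this checks both before copying. CA_DIR, the function names and the script name are assumptions made for the example.

```shell
#!/bin/sh
# Added example: pre-flight check and staging of one local CA file.
# CA_DIR is an assumption (the subfolder used above); override it for a dry run.
CA_DIR="${CA_DIR:-/usr/local/share/ca-certificates/mycerts}"

# Return 0 only if update-ca-certificates will pick the file up:
# name ends in .crt and it holds exactly one PEM certificate block.
check_ca_file() {
    f="$1"
    [ -r "$f" ] || { echo "unreadable: $f" >&2; return 1; }
    case "$f" in
        *.crt) ;;
        *) echo "ignored unless the name ends in .crt: $f" >&2; return 2 ;;
    esac
    # grep -c exits non-zero on zero matches, hence "|| true"
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$f" || true)
    if [ "$begins" -eq 0 ]; then
        echo "no PEM block (DER-encoded? convert it first): $f" >&2; return 3
    fi
    if [ "$begins" -ne 1 ] || [ "$ends" -ne 1 ]; then
        echo "want one certificate per file, found $begins BEGIN/$ends END: $f" >&2
        return 4
    fi
    return 0
}

# Print who the certificate belongs to, so the new trust anchor is reviewed
# by a human before it is installed (needs the openssl CLI).
show_ca_details() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Validate, then copy into CA_DIR; update-ca-certificates is left to the caller.
stage_ca() {
    check_ca_file "$1" || return $?
    mkdir -p "$CA_DIR" && cp -- "$1" "$CA_DIR/" || return 6
    echo "staged $(basename "$1") in $CA_DIR; now run: sudo update-ca-certificates"
}

# Script mode: ./stage-ca.sh ~/myrootcert.crt   (hypothetical script name)
if [ $# -gt 0 ]; then
    show_ca_details "$1" && stage_ca "$1"
fi
```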

 
