Debian package ca-certificates installs a number of common CA certificates, well known. Your certificate authority is not there, so you will get a warning messages every time it used by browser, mail client, IM, etc. Here are few simple steps to install your own CA certificate.
apt-get install ca-certificates
Copy CA certificate and reconfigure ca-certificates package:
cp cacert.pem /usr/share/ca-certificates
dpkg-reconfigure ca-certificates
You will be asked
"Trust new certificates from certificate authorities?", choose
Ask than from the list of activated certificates mark yours. This will rebuild certificates database with your CA certificate.
Posts
Thanks for the post!
ReplyDeleteJust to update for any future readers, Debian recommends a slightly different method for handling this - from /usr/share/doc/ca-certificates/README.Debian:
If you want to install local certificate authorities to be implicitly
trusted, please put the certificate files as single files ending with
“.crt“ into “/usr/local/share/ca-certificates” and re-run
“update-ca-certificates”. If you want to prepare a local package
of your certificates, you should depend on “ca-certificates“, install
the PEM files into “/usr/local/share/ca-certificates” as above and call
“update-ca-certificates” in the package's “postinst“.
on my raspberry pi (raspian) I needed to put the crt file in /usr/share/ca-certificates/ (without the /local/), despite what the readme said in /usr/share/doc/ca-certificates
ReplyDelete