Certificate authority (CA)
From Linuxmemo.
Current version as of 18 February 2019, 15:06
Installing a CA (Ubuntu)
- ca-certificates db: /usr/local/share/ca-certificates
Copy your certificate in PEM format (the format that has -----BEGIN CERTIFICATE----- in it) into /usr/local/share/ca-certificates and name it with a .crt file extension. Then run sudo update-ca-certificates.
Test
You can verify that this worked by looking for the certificate you just added in /etc/ssl/certs/ca-certificates.crt (which is just a long list of all your trusted CAs concatenated together).
You can also use OpenSSL's s_client by trying to connect to a server that you know is using a certificate signed by the CA that you just installed.
$ openssl s_client -connect foo.whatever.com:443 -CApath /etc/ssl/certs
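The bundle check described above can be scripted instead of done by eye. This is an added example, not part of the original page; the function names and the file name my-ca.crt are assumptions, and the paths are the Ubuntu ones given above.

```sh
#!/bin/sh
# Added example: check that a CA certificate is present in the trust bundle.
# Usage (my-ca.crt is a hypothetical file name):
#   ca_in_bundle /usr/local/share/ca-certificates/my-ca.crt && echo trusted

# Print each certificate in a PEM file as one line of base64 (armor lines
# and line wrapping removed), so identical certificates compare equal as
# text even when the two files wrap their lines differently.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# ca_in_bundle CERT [BUNDLE]
# Returns 0 if the first certificate in CERT is present in BUNDLE,
# 1 if it is absent, 2 if CERT contains no PEM certificate block.
ca_in_bundle() {
    cert=$1
    bundle=${2:-/etc/ssl/certs/ca-certificates.crt}
    want=$(pem_bodies "$cert" | head -n 1)
    [ -n "$want" ] || return 2
    # -F fixed string, -x whole-line match, -q quiet
    pem_bodies "$bundle" | grep -Fxq -- "$want"
}
```

For the s_client check, a chain that validates against the installed CA is reported in the output as Verify return code: 0 (ok).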