Certificate authority (CA)

De Linuxmemo.

[modifier] Installing a CA (Ubuntu)

  • ca-certificates db: 
/usr/local/share/ca-certificates
Copy your certificate in PEM format (the format that has ----BEGIN CERTIFICATE---- in it) into /usr/local/share/ca-certificates and name it with a .crt file extension.
Then run sudo update-ca-certificates.

[modifier] test

You can verify if this worked by looking for the certificate that you just added in /etc/ssl/certs/ca-certificates.crt (which is just a long list of all of your trusted CA's concatenated together).

You can also use OpenSSL's s_client by trying to connect to a server that you know is using a certificate signed by the CA that you just installed. 

$ openssl s_client -connect foo.whatever.com:443 -CApath /etc/ssl/certs
Récupérée de « http://linuxmemo.free.fr/index.php?title=Certificate_authority_(CA) »
Outils personnels