Adding a Certificate Authority to the Trusted List in Ubuntu

Sometimes, working with SSL certificates isn’t all it’s cropped up to be. Heck, most of the time it’s not. It’s painful, time-consuming work.

However, it’s actually not so hard to install a self-signed certificate authority in Ubuntu, using a few commands.

First, install libnss3-tools, which contains the certutil command:

sudo apt-get install libnss3-tools

Next, we’ll copy the public certificate authority file to the certificate store:

sudo cp my_ca.crt /usr/share/ca-certificates/

We’ll now recompile the SSL CA list for Ubuntu, adding our certificate:

sudo dpkg-reconfigure ca-certificates

This will lead to a ncurses menu. In this menu, choose ask, and scroll through the long list of trusted CAs until you find your ‘my_ca.crt’ certificate authority file. Mark it for inclusion with Space, then hit Tab then Enter to finish up.

The last step is to install the certificate into Google Chrome’s registry. (If you’re using Firefox or otherwise, your mileage may vary.) Let’s add it with this command:

certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n "My Homemade CA" -i my_ca.crt

Great! Now restart Google Chrome and you should now see your sites signed with this CA as being trusted :)

11 thoughts on “Adding a Certificate Authority to the Trusted List in Ubuntu

  1. Thank you so much!!!! this is a really easy how to!
    I am very glad, i see my synology in a beautiful green HTTPS!

  2. Whhat i don’t understood is in truth how yoou are no longer really a lot more neatly-favored than you might be right now.
    Yoou are very intelligent. You already know therefore considerably with regards to
    this topic, produced mee for my part believe iit from so many numerous angles.
    Its like men and women don’t seem too be involved unless it is one thing
    to do with Woman gaga! Your personal stuffs outstanding.

    Alll the time taje care of it up!

    For aan awesome review please click the llink to this blog
    - advanced cleanse plus aloe

  3. Mostt of thе vpn companies arᥱ ‘plug and play’ style vpns.
    Current PBX systems cаn accommodate three ajor telephone stations – analog, digiital aand IP.
    Ιf үou’ге in China and еspecially iif ʏоu’νᥱ gott a vpn іn China, уօu’νе ⲣrobably heard tɦе гecent news аbout
    ɑ ɦuge block ⲟf some οf tһe mmost popular
    vpn compoanies iin China.

    Feel free tо visit mу web рage change
    ip – fvv.kr
    -

  4. Hello just wanted to give you a brief heads up and let you know a few of the images aren’t loading properly.

    I’m not sure why but I think its a linking issue.
    I’ve tried it in two different web browsers and both show the same results.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>