Sometimes, working with SSL certificates isn’t all it’s cropped up to be. Heck, most of the time it’s not. It’s painful, time-consuming work.
However, it’s actually not so hard to install a self-signed certificate authority in Ubuntu, using a few commands.
libnss3-tools, which contains the
sudo apt-get install libnss3-tools
Next, we’ll copy the public certificate authority file to the certificate store:
sudo cp my_ca.crt /usr/share/ca-certificates/
We’ll now recompile the SSL CA list for Ubuntu, adding our certificate:
sudo dpkg-reconfigure ca-certificates
This will lead to a ncurses menu. In this menu, choose
ask, and scroll through the long list of trusted CAs until you find your ‘my_ca.crt’ certificate authority file. Mark it for inclusion with Space, then hit Tab then Enter to finish up.
The last step is to install the certificate into Google Chrome’s registry. (If you’re using Firefox or otherwise, your mileage may vary.) Let’s add it with this command:
certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n "My Homemade CA" -i my_ca.crt
Great! Now restart Google Chrome and you should now see your sites signed with this CA as being trusted