LINUX - Add certificates to CA file: Difference between revisions
From PedroWiki
(Page created with « = Introduction = You may need, at some point, to manually add some certs (self signed certs for instance, or certs associated to a local/internal PKI) to the system CA st... »)
(→Environment variable)
(2 intermediate revisions by the same user not shown)
Ligne 1 : | Ligne 1 : | ||
= Introduction = | = Introduction = | ||
− | You may need, at some point, to manually add some certs | + | You may need, at some point, to manually add some certs to the system CA store. |
+ | |||
+ | Use cases: | ||
+ | * self signed certs for instance, | ||
+ | * or certs associated to a local/internal PKI, | ||
+ | * or CA certs not known by default by your system. | ||
+ | * ... | ||
= How to add cert? = | = How to add cert? = | ||
Ligne 8 : | Ligne 14 : | ||
See [https://manpages.ubuntu.com/manpages/focal/man8/update-ca-certificates.8.html this manpage about update-ca-certificate command]. | See [https://manpages.ubuntu.com/manpages/focal/man8/update-ca-certificates.8.html this manpage about update-ca-certificate command]. | ||
+ | |||
+ | === CA Cert === | ||
Steps: | Steps: | ||
Ligne 31 : | Ligne 39 : | ||
Running hooks in /etc/ca-certificates/update.d... | Running hooks in /etc/ca-certificates/update.d... | ||
done. | done. | ||
+ | |||
+ | === Local cert === | ||
+ | |||
+ | * If needed rename your cert(s) file(s) with a .crt extension. | ||
+ | * Then place it in ''/usr/share/local/ca-certificates/''. | ||
+ | * Finally update the store | ||
+ | |||
+ | update-ca-certificates [[--fresh]] | ||
+ | |||
+ | === Environment variable === | ||
+ | |||
+ | You may have to set an environment variable for some third party apps to properly work with this CA store (Ansible, Python...): | ||
+ | |||
+ | export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt | ||
+ | |||
+ | Think about adding this environment variable to your ''.bashrc'' file for instance. | ||
[[Category:SSL]] | [[Category:SSL]] | ||
+ | [[Category:Linux]] | ||
+ | [[Category:Howto]] |
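Review bot: in the "Local cert" steps, the directory ''/usr/share/local/ca-certificates/'' has "share" and "local" swapped. update-ca-certificates picks up local .crt files from /usr/local/share/ca-certificates (see the manpage linked under "How to add cert?"), so a cert placed in the path as written would not be added to the store. Separately, [[--fresh]] is wiki link syntax and renders as a link to a page named "--fresh"; if the intent is to mark the option as optional, write [--fresh] and add a sentence on when a full rebuild of /etc/ssl/certs is wanted.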
Current revision as of 6 March 2023, 12:32
Introduction
You may need, at some point, to manually add some certs to the system CA store.
Use cases:
- self-signed certs, for instance,
- or certs associated with a local/internal PKI,
- or CA certs not known by default by your system.
- ...
How to add cert?
Ubuntu
See the manpage for the update-ca-certificates command: https://manpages.ubuntu.com/manpages/focal/man8/update-ca-certificates.8.html
CA Cert
Steps:
- get the cert(s) you want to add, and create files
vi mycert.pem
- put those files in a subfolder of /usr/share/ca-certificates/
mkdir /usr/share/ca-certificates/mysubfolder
mv mycert.pem /usr/share/ca-certificates/mysubfolder/
- edit /etc/ca-certificates.conf and add 1 line per new cert at the end of the file
mysubfolder/mycert.pem
- finally, update the CA store with the appropriate command:
root@mymachine:/usr/share/ca-certificates/manitou# update-ca-certificates
Updating certificates in /etc/ssl/certs...
...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Local cert
- If needed, rename your cert file(s) so that they have a .crt extension.
- Then place it in /usr/share/local/ca-certificates/.
- Finally update the store
update-ca-certificates --fresh
Environment variable
You may have to set an environment variable for some third-party apps to work properly with this CA store (Ansible, Python...):
export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
Consider adding this environment variable to your .bashrc file, for instance.
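A way to confirm that a cert you added really is in the bundle Python reads through SSL_CERT_FILE, by comparing SHA-256 fingerprints. This is an added example, not part of the original wiki page; the function names are hypothetical and the sample "certificates" are constructed placeholder bytes wrapped as PEM, not real X.509 data.

```python
import hashlib
import os
import re
import ssl
import tempfile

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)

def fingerprints(pem_text):
    """SHA-256 fingerprint (hex) of every certificate block found in pem_text."""
    return [hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
            for block in PEM_BLOCK.findall(pem_text)]

def cert_in_bundle(cert_pem, bundle_path=None):
    """True if every cert in cert_pem is present in the CA bundle."""
    # Without bundle_path, use the file the ssl module resolves; it honours
    # SSL_CERT_FILE and yields None when that variable names a missing file.
    bundle_path = bundle_path or ssl.get_default_verify_paths().cafile
    if bundle_path is None:
        raise FileNotFoundError("no CA bundle found; check SSL_CERT_FILE")
    wanted = fingerprints(cert_pem)
    if not wanted:
        raise ValueError("input contains no PEM certificate block")
    with open(bundle_path, encoding="ascii", errors="replace") as fh:
        present = set(fingerprints(fh.read()))
    return all(fp in present for fp in wanted)

def demo():
    """Simulate a bundle before and after a store update (constructed data)."""
    # Placeholder bytes wrapped as PEM; these are not real X.509 certificates.
    internal_ca = ssl.DER_cert_to_PEM_cert(b"constructed internal CA")
    public_ca = ssl.DER_cert_to_PEM_cert(b"constructed public CA")
    saved = os.environ.get("SSL_CERT_FILE")
    try:
        with tempfile.TemporaryDirectory() as tmp:
            bundle = os.path.join(tmp, "ca-certificates.crt")
            with open(bundle, "w") as fh:
                fh.write(public_ca)
            os.environ["SSL_CERT_FILE"] = bundle
            before = cert_in_bundle(internal_ca)
            with open(bundle, "a") as fh:
                fh.write(internal_ca)
            return before, cert_in_bundle(internal_ca)
    finally:
        if saved is None:
            os.environ.pop("SSL_CERT_FILE", None)
        else:
            os.environ["SSL_CERT_FILE"] = saved
```

On a real machine, call cert_in_bundle(open("mycert.pem").read()) after running update-ca-certificates, from the same shell that exported SSL_CERT_FILE.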