« LINUX - Add certificates to CA file » : différence entre les versions
De PedroWiki
Aller à la navigationAller à la recherche
imported>Jules Page créée avec « = Introduction = You may need, at some point, to manually add some certs (self signed certs for instance, or certs associated to a local/internal PKI) to the system CA st... » |
imported>Jules |
||
| (2 versions intermédiaires par le même utilisateur non affichées) | |||
| Ligne 1 : | Ligne 1 : | ||
= Introduction = | = Introduction = | ||
You may need, at some point, to manually add some certs | You may need, at some point, to manually add some certs to the system CA store. | ||
Use cases: | |||
* self signed certs for instance, | |||
* or certs associated to a local/internal PKI, | |||
* or CA certs not known by default by your system. | |||
* ... | |||
= How to add cert? = | = How to add cert? = | ||
| Ligne 8 : | Ligne 14 : | ||
See [https://manpages.ubuntu.com/manpages/focal/man8/update-ca-certificates.8.html this manpage about update-ca-certificate command]. | See [https://manpages.ubuntu.com/manpages/focal/man8/update-ca-certificates.8.html this manpage about update-ca-certificate command]. | ||
=== CA Cert === | |||
Steps: | Steps: | ||
| Ligne 31 : | Ligne 39 : | ||
Running hooks in /etc/ca-certificates/update.d... | Running hooks in /etc/ca-certificates/update.d... | ||
done. | done. | ||
=== Local cert === | |||
* If needed rename your cert(s) file(s) with a .crt extension. | |||
* Then place it in ''/usr/share/local/ca-certificates/''. | |||
* Finally update the store | |||
update-ca-certificates [[--fresh]] | |||
=== Environment variable === | |||
You may have to set an environment variable for some third party apps to properly work with this CA store (Ansible, Python...): | |||
export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt | |||
Think about adding this environment variable to your ''.bashrc'' file for instance. | |||
[[Category:SSL]] | [[Category:SSL]] | ||
[[Category:Linux]] | |||
[[Category:Howto]] | |||
Dernière version du 6 mars 2023 à 12:32
Introduction
You may need, at some point, to manually add some certs to the system CA store.
Use cases:
- self signed certs for instance,
- or certs associated to a local/internal PKI,
- or CA certs not known by default by your system.
- ...
How to add cert?
Ubuntu
See this manpage about update-ca-certificate command.
CA Cert
Steps:
- get the cert(s) you want to add, and create files
vi mycert.pem
- put those files in a subfolder of /usr/share/ca-certificates/
mkdir /usr/share/ca-certificates/mysubfolder mv mycert.pem /usr/share/ca-certificates/mysubfolder/
- edit /etc/ca-certificates.conf and add 1 line per new cert at the end of the file
mysubfolder/mycert.pem
- finally, update the CA store with the appropriate command:
root@mymachine:/usr/share/ca-certificates/manitou# update-ca-certificates Updating certificates in /etc/ssl/certs... ... 1 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done.
Local cert
- If needed rename your cert(s) file(s) with a .crt extension.
- Then place it in /usr/share/local/ca-certificates/.
- Finally update the store
update-ca-certificates --fresh
Environment variable
You may have to set an environment variable for some third party apps to properly work with this CA store (Ansible, Python...):
export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
Think about adding this environment variable to your .bashrc file for instance.
