Installing certificates in Ubuntu OS

In the last article we explained what certificates are in Ubuntu and what tasks they perform. In this article we will talk about how to install certificates, in particular how to install them in the operating system.

Installation in the OS

If you want to use signed certificates to enable HTTPS support on a Web server, then open that Web site in a browser or query it on the command line, the system will give you an SSL error.

It will say that this certificate is not trusted and connecting to this site may not be secure.

curl -I https://localhost

For a certificate to be considered trusted, the OS must add the root certificate of the CA that signed the certificate to the trusted list. If the certificate is self-signed, you can add the certificate itself to the trusted list.

You already have a ca.crt. certificate, but how can you make the OS treat it as valid? To do this, copy it to the /usr/local/share/ca-certificates folder:

cp ./ca.crt /usr/local/share/ca-certificates/losstca.crt

The next thing to do is to execute the command:

sudo update-ca-certificates

Then you need to verify that the system recognizes the certificate as trusted by running the curl command:

However, this method is appropriate when programs use the system's trusted certificate store. Browsers (Firefox and Google Chrome) have their own certificate stores and do not use the system store. Each browser needs to import certificates separately.

Otherwise, you will get an error like this:

Chrome, Firefox, Thunderbird use nssdb to work with certificates. You can import certificates both in the browser GUI and in the terminal using the certutil program.