Posts Tagged ‘cacerts’

How to install / add new root certificates on Debian, Ubuntu, Mint Linux

Saturday, October 21st, 2017

Reading Time: 2minutes


How to add / Installing a root/CA Certificate on Debian, Ubuntu, Mint Linux


 Because of various auditing failures and other security issues, the CAcert root certificate set is slowly disappearing from the Ubuntu and Debian ‘ca-certificates’ package.

That's really tricky because if you're a system administrator or have a bunch of programmers whose needs is to install a new set of root certificates for their freshly develped Application or you have to make a corporate certificates added to debian rootca, then the good news is it is quite easy to install new certificates to deb based distributions.


Given a CA certificate file foo.crt, follow these steps to install it on Debian / Ubuntu:

    Create a directory for extra CA certificates in /usr/share/ca-certificates:


    debian:~# mkdir /usr/share/ca-certificates/extra-certificates


    Copy the CA .crt file to this directory:


    debian:~# cp foo.crt /usr/share/ca-certificates/extra-certificates/foo.crt


    Let Debian / Ubuntu add the .crt file's path relative to /usr/share/ca-certificates to /etc/ca-certificates.conf (the file lists certificates that you wish to use or to ignore to be installed in /etc/ssl/certs)


    debian:~# dpkg-reconfigure ca-certificates


In case you want to include a .pem file to the list of trustable certificates on Debian / Ubuntu, it must first be converted to a .crt file first, you can do that with:


    debian:~# openssl x509 -in foo.pem -inform PEM -out foo.crt


Lets say you want to add some custom Root certificate for exapmle




   debian:~# mkdir /usr/local/share/ca-certificates/
   debian:~# cd /usr/local/share/ca-certificates/
   debian:~# mkdir /usr/local/share/ca-certificates/
   debian:~# wget -P /usr/local/share/ca-certificates/




Then once again update the ca certificates bundle

   debian:~# update-ca-certificates