Linux: Place own/custom certificates in /etc/ssl/certs


Sometimes it is necessary to add your own root/intermediate CA to your machine's CA store.

It consists of three steps: get the certificate, generate a hash of the certificate, and create a symlink hash -> certificate.

For example, the QuoVadis Global SSL ICA G3 certificate.

Get the certificate in pem (base64) format

root@debdev ~ # wget -O /etc/ssl/certs/quoVadis_global_ssl_ica_g3.pem

If you have the certificate in binary (DER) format, you must convert it to PEM format.

root@debdev ~ # openssl x509 -inform der -in /home/quoVadis_global_ssl_ica_g3.crt -out /etc/ssl/certs/quoVadis_global_ssl_ica_g3.pem

Generate the hash

root@debdev ~ # openssl x509 -hash -noout -in /etc/ssl/certs/quoVadis_global_ssl_ica_g3.pem

and create a symlink from the hash to the certificate, using the value printed by the previous command with .0 appended

root@debdev ~ # ln -s /etc/ssl/certs/quoVadis_global_ssl_ica_g3.pem /etc/ssl/certs/35e514f6.0

Test (my_uoVadis_global_ssl_ica_g3_signed_certificate.pem is a certificate signed by QuoVadis Global SSL ICA G3)

root@debdev:~/ #  openssl verify -verbose -CApath /etc/ssl/certs -verbose my_uoVadis_global_ssl_ica_g3_signed_certificate.pem
my_uoVadis_global_ssl_ica_g3_signed_certificate.pem: OK
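The three steps above as one shell function, as an added example that is not part of the original post. The helper names `install_ca_cert` and `fp` are hypothetical. It goes beyond the post in two ways: it accepts PEM or DER input, and it picks the first free `.N` suffix instead of a hard-coded `.0`, so an existing certificate with the same subject hash is never replaced.

```shell
#!/bin/sh
# Added example; install_ca_cert and fp are hypothetical helper names.
# Usage: install_ca_cert <cert-file, PEM or DER> <ca-dir>
# Prints the name of the hash symlink that resolves to the certificate.

fp() { openssl x509 -noout -fingerprint -sha256 -in "$1" 2>/dev/null; }

install_ca_cert() {
    src=$1 dir=$2
    name=$(basename "$src"); name=${name%.*}.pem
    tmp=$(mktemp) || return 1

    # Normalise to PEM: try PEM input first, then fall back to DER.
    if ! openssl x509 -in "$src" -out "$tmp" 2>/dev/null &&
       ! openssl x509 -inform der -in "$src" -out "$tmp" 2>/dev/null; then
        rm -f "$tmp"
        echo "not a PEM or DER certificate: $src" >&2
        return 1
    fi
    hash=$(openssl x509 -hash -noout -in "$tmp")
    want=$(fp "$tmp")

    # Walk hash.0, hash.1, ...: certificates with the same subject share a hash,
    # and OpenSSL stops searching at the first missing number.
    n=0
    while [ -e "$dir/$hash.$n" ] || [ -L "$dir/$hash.$n" ]; do
        if [ "$(fp "$dir/$hash.$n")" = "$want" ]; then
            rm -f "$tmp"
            echo "$hash.$n"    # this exact certificate is already installed
            return 0
        fi
        n=$((n + 1))
    done

    # Never overwrite a different certificate stored under the same file name.
    if [ -e "$dir/$name" ]; then
        rm -f "$tmp"
        echo "refusing to overwrite $dir/$name" >&2
        return 1
    fi
    install -m 0644 "$tmp" "$dir/$name" || return 1
    rm -f "$tmp"
    ln -s "$name" "$dir/$hash.$n" || return 1
    echo "$hash.$n"
}
```

Running it a second time with the same certificate prints the existing link name and changes nothing.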

