My company gave me a file company_CA.crt that I need to use to access one of our customers website.
When I tried to add it on macOS, all I had to do was to click on the file, and then after imported, set it as "Always Trust".
I would like to do the same in Ubuntu, so I followed the next steps:
- Copied the CRT file to
usr/local/share/ca-certificates/my_company - Run
sudo update-ca-certificates
But I cannot still open the website. Did I miss a step?
Check if the CA root certificate for your customer_web_site is known or not in your system.
The CA certificate for customer_web_site server is (indeed) NOT known in the system.
File company_CA.crt must be in CRT format. (seems to be in this case) If it is in PEM format, then you have to conver it (openssl x509 -in xxxx.pem -inform PEM -out xxxx.crt
Copy the company_CA.crt file to new directory extra in /usr/share/ca-certificates
Let ubuntu pick-up that new CA certificate and install it in the Linux system
A menu will appear. Check option "ask" for Prompt for each new CA certificate. You will see your new certificate.
extra/company_CA.crt
Press space, to select that new CA certificate file and select OK.
uAt the end, you should see something like this:
1 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d...
Check if curl works without specifying the CA certificate file
It works.
If you want to know more about Self Signed Certificates and how to use them, then check my github.