How to add / Installing a root/CA Certificate on Debian, Ubuntu, Mint Linux
Because of various auditing failures and other security issues, the CAcert root certificate set is slowly disappearing from the Ubuntu and Debian ‘ca-certificates’ package.
That's really tricky because if you're a system administrator or have a bunch of programmers whose needs is to install a new set of root certificates for their freshly develped Application or you have to make a corporate certificates added to debian rootca, then the good news is it is quite easy to install new certificates to deb based distributions.
Given a CA certificate file foo.crt, follow these steps to install it on Debian / Ubuntu:
Create a directory for extra CA certificates in /usr/share/ca-certificates:
debian:~# mkdir /usr/share/ca-certificates/extra-certificates
Copy the CA .crt file to this directory:
debian:~# cp foo.crt /usr/share/ca-certificates/extra-certificates/foo.crt
Let Debian / Ubuntu add the .crt file's path relative to /usr/share/ca-certificates to /etc/ca-certificates.conf (the file lists certificates that you wish to use or to ignore to be installed in /etc/ssl/certs)
debian:~# dpkg-reconfigure ca-certificates
In case you want to include a .pem file to the list of trustable certificates on Debian / Ubuntu, it must first be converted to a .crt file first, you can do that with:
debian:~# openssl x509 -in foo.pem -inform PEM -out foo.crt
Lets say you want to add some custom Root certificate for exapmle cacert.org
debian:~# mkdir /usr/local/share/ca-certificates/cacert.org
debian:~# cd /usr/local/share/ca-certificates/cacert.org
debian:~# mkdir /usr/local/share/ca-certificates/cacert.org
debian:~# wget -P /usr/local/share/ca-certificates/cacert.org http://www.cacert.org/certs/root.crt http://www.cacert.org/certs/class3.crt
Then once again update the ca certificates bundle
debian:~# update-ca-certificates
More helpful Articles
Tags: cacerts, debian cd, debian linux, foo, How to, howto, Install, Let Debian Ubuntu, mkdir, org, root certificate, security issues, share, usr, where is debian root certificates add, www