Disable SSL certificate validation in Ubuntu totally
Disable SSL certificate validation in Ubuntu totally
Fortunately that is not really possible apart from compiling the relevant applications again and disabling certificate validation in the code.
The proper way to proceed is not to disable validation but to add the CA certificate used by the proxy as trusted. This way you can use the proxy without any warnings but are still not vulnerable to arbitrary man in the middle attacks like you would be if you disable all validation.
Please ask your network administrators for the proper CA certificate and then install it as described for example here for Firefox (although this specific site is for Windows it is the same with Firefox on Linux).
The correct way about this is to add the CA certificate(s) used by the proxy. If they are rotated frequently this may indeed become annoying. To install the certificates such that they are used by most applications (unlike Firefox which uses its own certificate store), do the following:
- Obtain the certificate(s) in Base64 encoded X.509 format.
An easy way to obtain them is through Chrome viaSettings,Advanced,Manage Certificateson an IT managed/auto-updated system. - Copy them to
/usr/local/share/ca-certificates
(Optionally make a new subfolder) - If the extension is not .crt rename the files.
sudo update-ca-certificates
When repeating this exercise the certificates might not update. You can work around this by first running.
sudo rm -f /etc/ssl/certs/[certificate-name].pem
where [certificate-name] matches the filename(s) of the certificates without the original (.crt) extension.
NOTE: Tested under Ubuntu 16.04, but I expect it will behave the same under 18.04.