How to noninteractively add Certificate Authority (CA) SSL certificates from a script

Solution 1:

I found lots of cool stuff around altering the debconf database to have the questions in the UI preseeded, but it didn't actually change anything for me.

Ultimately, what got it working for me was to figure out what dpkg-reconfigure is likely doing and then just do it myself (via script). It wasn't actually that much.

  1. Copy your .crt certs to /usr/share/ca-certificates/your.domain.tld

  2. Symlink these certs you added to /usr/share/ca-certificates/your.domain.tld into /etc/ssl/certificates/

  3. Make sure /etc/ca-certificates.conf contains a line for each of your certs, like:

    your.domain.tld/issuing_ca.crt
    your.domain.tld/root_ca.crt
    

    Notice that those lines do NOT start with !; that would deselect these certs. For this step, I used:

    • sed -i ... to make sure these lines had no leading !

    • bash conditional to check if these lines even existed, e.g.:

      if ! grep -qF "your.domain.tld/issuing_ca.crt" /etc/ca-certificates.conf ; then
      
    • if the lines didn't exist, I added them with:

      cat [filename] >> /etc/ca-certificates.conf
      
  4. Run sudo update-ca-certificates.

    (This combines all the certs in /etc/ssl/certs to make a single ca-certificates.crt that applications use.)
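
An added example, not part of the original answer: an idempotent POSIX shell version of steps 1, 3 and 4. It leaves the /etc/ssl/certs symlinks to update-ca-certificates, which creates them for the entries selected in /etc/ca-certificates.conf. CA_SHARE_DIR and CA_CONF are hypothetical override variables (assumptions of this example) so the functions can be tried on scratch files without root.

```sh
#!/bin/sh
# Added example (not from the original answer). CA_SHARE_DIR and CA_CONF are
# hypothetical overrides so the functions can be exercised without root.
set -eu

# Make ENTRY appear exactly once, selected (no leading "!"), in CONF.
ensure_ca_selected() (
    conf=$1 entry=$2
    tmp=$(mktemp)
    awk -v e="$entry" '
        $0 == e || $0 == "!" e { if (!seen++) print e; next }  # select, dedupe
        { print }                                              # keep other lines
        END { if (!seen) print e }                             # append if absent
    ' "$conf" > "$tmp"
    cat "$tmp" > "$conf"    # rewrite in place, keeping owner and mode
    rm -f "$tmp"
)

# Copy one PEM .crt file into SUBDIR of the share directory and select it.
install_ca() (
    src=$1 subdir=$2
    share=${CA_SHARE_DIR:-/usr/share/ca-certificates}
    conf=${CA_CONF:-/etc/ca-certificates.conf}
    name=$(basename "$src")
    # update-ca-certificates only picks up PEM files named *.crt
    case $name in *.crt) ;; *) echo "skip $src: not .crt" >&2; exit 1 ;; esac
    grep -q -e '-----BEGIN CERTIFICATE-----' "$src" ||
        { echo "skip $src: not PEM" >&2; exit 1; }
    mkdir -p "$share/$subdir"
    cp "$src" "$share/$subdir/$name"
    chmod 0644 "$share/$subdir/$name"
    ensure_ca_selected "$conf" "$subdir/$name"
)

# Usage: sudo sh add-ca.sh your.domain.tld root_ca.crt issuing_ca.crt
if [ "$#" -ge 2 ]; then
    subdir=$1; shift
    for crt in "$@"; do install_ca "$crt" "$subdir"; done
    update-ca-certificates
fi
```

Running it a second time changes nothing in /etc/ca-certificates.conf, so it is safe to call from provisioning scripts that run repeatedly.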