How to install a CA key (self-signed SSL) on Ubuntu? [duplicate]

I have a bunch of machines that need to fetch https: off a server (or collection of servers). I'm operating a CA and self-signing the certificates on the server(s).

The client machines are running Ubuntu. Some of the fetches are via apt, some via wget.

How do I install the CA's certificate on the clients so that all of its certs are recognized without warnings or errors? (Just the directory location is sufficient, I'll package it in an appropriate way.)

Thanks.


Copying the *.pem file for your certification authority to /etc/ssl/certs/ should do the trick.


On Ubuntu 12.04 (precise), you have to drop the certificate file to /usr/local/share/ca-certificates and it has to end with .crt

Then run update-ca-certificates. It should tell you: "1 added, 0 removed; done."

Note that unfortunately Firefox does not honor the system-installed certificates (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316436). You can use wget or w3m, which do honor them, to test if the certificate works.
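
The staging step from the answer above, as an added example that is not part of the original answer: a small POSIX shell function that copies a CA certificate into /usr/local/share/ca-certificates with the required .crt suffix. The function name, the return codes, and the check that rejects any file containing a private key are assumptions of this example.

```shell
#!/bin/sh
# Added example: stage a CA certificate where update-ca-certificates looks.
# Return codes are this example's own:
#   1 unreadable, 2 not PEM, 3 contains a private key, 4 copy failed.

stage_ca_cert() {
    sc_src=$1
    # Default is the directory named in the answer; pass another for a dry run.
    sc_dir=${2:-/usr/local/share/ca-certificates}

    [ -r "$sc_src" ] || { echo "cannot read: $sc_src" >&2; return 1; }

    # Clients only need the CA's certificate. Refuse any file that also
    # carries a private key (RSA, EC, PKCS#8 and encrypted headers all match).
    if grep -q 'PRIVATE KEY-----' "$sc_src"; then
        echo "refusing: $sc_src contains a private key" >&2
        return 3
    fi

    # A DER-encoded file has no PEM armor; convert it before staging.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$sc_src"; then
        echo "not a PEM certificate: $sc_src" >&2
        return 2
    fi

    # Only files ending in .crt are picked up, so rename on the way in.
    sc_name=$(basename "$sc_src")
    sc_dest="$sc_dir/${sc_name%.*}.crt"
    cp "$sc_src" "$sc_dest" && chmod 0644 "$sc_dest" || return 4
    echo "$sc_dest"
}

# Stand-alone use, as root:  sh stage-ca.sh my-ca.pem
if [ -n "${1:-}" ]; then
    stage_ca_cert "$1" && update-ca-certificates
fi
```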


You'll have to copy the certificate of the root CA to the /etc/ssl/certs directory in PEM format. Then you must run the update-ca-certificates script which will add the certificate to the certificate bundle (/etc/ssl/certs/ca-certificates.crt) and make the symlink from the file to its hash value.


Not what you asked, but I recommend www.cacert.org for certs. It's free but installed by default in all browsers. It is in more browsers than your self-signed cert though.