Installing a CA certificate authority system-wide

8 replies [Last post]
vixxo
Offline
Joined: 10/26/2013

hello! I need to install a CA certificate (http://www.autistici.org/en/ca/index.html this one) system-wide. How can I do this ?

I've tried importing that on Seahorse but, after showing me the certificate informations, the button "Import" isn't clickable, same thing as running seahorse as root.

I've also tried following this guide provided by the source of the certificate: http://www.autistici.org/en/stuff/man_ca/linux.html

All unsuccefully.

Thank you all for the help

vixxo
Offline
Joined: 10/26/2013

I'm sorry for the bump but, really noone can help me ? :(

BugRep
Offline
Joined: 04/05/2012

You can do it like this:

sudo cp certificate-name.crt /usr/share/ca-certificates/
sudo dpkg-reconfigure ca-certificates

Just make sure that the certificate has crt extension.

BugRep
Offline
Joined: 04/05/2012

Didn't read your post carefully. If you tried to follow the guide you probably didn't run the commands as root.

To solve this you can prepend sudo to the commands like this:

sudo wget -O /usr/local/share/ca-certificates/autistici-ca.crt http://autistici.org/static/certs/ca.crt
sudo update-ca-certificates

Of course, this needs to be executed in a terminal.

Jookia
Offline
Joined: 08/01/2015

You really shouldn't grab a certificate over an unencrypted connection then add it to system-wide.

vixxo
Offline
Joined: 10/26/2013

I've verified the integrity of the certificate by checking the signature ecc.

vixxo
Offline
Joined: 10/26/2013

@BugRep I've tried both tips you suggested but nothing seems to change.

BugRep
Offline
Joined: 04/05/2012

Could you at least provide messages that were shown to you, so I can determine what failed?

Maybe you're not testing it properly. To test if you included the certificate you can try running this:

curl https://www.autistici.org/en/stuff/man_ca/linux.html

If you see an error message that means it failed. However if you see the source of the page it means it works.

vixxo
Offline
Joined: 10/26/2013

I see the source, so It's working, so why Pidgin and other software don't recognize the fact that the Cetificate Authority is installed and tell me to trust the ssl certificate?