Wednesday 2 December 2015

Trusting a self-signed certifcate on Debian Jessie

I came across a number of how-to's on this subject although the vast majority were not that accurate for Debian Jessie.

So we have a scenario where we have a local application on our machine that  uses a self-signed certificate that we would like to trust.

Firstly download the ca-certificates package:
apt-get install ca-certificates
Proceed by obtaining our certificate we would like to import e.g.:
openssl s_client -connect mywebsite.com:443
Extract the public key from the output and place it in a file called something like:

yourhost.crt

** Important: You MUST ensure that the file extension is '.crt' or the ca-certificates tool will not pickup the certificate! **
sudo cp mydomain.crt /usr/local/share/ca-certificates
or
sudo cp mydomain.crt /usr/share/ca-certificates

Then simply run the following command to update the certificate store:
 sudo update-ca-certificates
And if (or when) you wish to remove the certificate we can issue the following command:
 dpkg-reconfigure ca-certificates

0 comments:

Post a Comment