Trusting a self-signed certifcate on Debian Jessie

I came across a number of how-to's on this subject although the vast majority were not that accurate for Debian Jessie.

So we have a scenario where we have a local application on our machine that uses a self-signed certificate that we would like to trust.

Firstly download the ca-certificates package:

apt-get install ca-certificates

Proceed by obtaining our certificate we would like to import e.g.:

openssl s_client -connect mywebsite.com:443

Extract the public key from the output and place it in a file called something like:

yourhost.crt

** Important: You MUST ensure that the file extension is '.crt' or the ca-certificates tool will not pickup the certificate! **

sudo cp mydomain.crt /usr/local/share/ca-certificates

sudo cp mydomain.crt /usr/share/ca-certificates

Then simply run the following command to update the certificate store:

sudo update-ca-certificates

And if (or when) you wish to remove the certificate we can issue the following command:

dpkg-reconfigure ca-certificates

Peter Manton :: Tech Notes

Pages

Wednesday, 2 December 2015

Trusting a self-signed certifcate on Debian Jessie

No comments:

Post a Comment