Adding Self-Signed PKI to Linux Trusted Certificate Store

#SSL #Certificate #Linux

Full steps can be found at https://i12bretro.github.io/tutorials/0161.html

Prerequisites

   - A XCA PKI database  https://youtu.be/ezzj3x207lQ

Exporting Certificates from XCA

   01. Launch XCA    02. Open the PKI database if it is not already (File ≫ Open DataBase), enter password    03. Click on the Certificates tab    04. Right click the Intermediate CA certificate ≫ Export ≫ File    05. Set the file name with a .crt extension and verify the export format is PEM (.crt)    06. Click OK    07. Right click the Root CA certificate ≫ Export ≫ File    08. Set the file name with a .crt extension and verify the export format is PEM (.crt)    09. Click OK

Trusting the CA Ceritificates in a Linux Environment

   01. Download WinSCP  https://winscp.net/eng/downloads.php    02. Extract WinSCP and run the executable    03. Connect to the target Linux device server via WinSCP    04. Copy the created .crt files to ~/    05. Log into the target Linux device (console or ssh)    06. Run the following commands in a terminal window:          sudo mkdir /usr/local/share/ca-certificates/self-signed          sudo cp ~/root-ca.crt /usr/local/share/ca-certificates/self-signed          sudo cp ~/intermediate-ca.crt /usr/local/share/ca-certificates/self-signed          sudo update-ca-certificates    07. An ouput stating 2 added should display    08. Run the following command in a terminal window and verify the imported certificate authorities display in the list          sudo ls /etc/ssl/certs  

Connect with me and others

★ Discord: https://discord.com/invite/EzenvmSHW8 ★ Reddit: https://reddit.com/r/i12bretro ★ Twitter: https://twitter.com/i12bretro ... https://www.youtube.com/watch?v=DNoFbrHtsFQ