1

First off I am not sure whether I have the correct terminology. What I mean by certificate authority is a verified certificate distributor such that if I goto a website in my Browser that is HTTPS (with an SSL certificate) it doesn't give a warning that it might be unsafe.

There is two things I need to do here.

I have a Windows XP machine and a Linux Mint (Ubuntu 14 base) machine. The Windows XP machine has a certificate authority installed such that it authorizes use of certificates it distributes so that I don't get any warnings in my browsers. I need to extract this from the Windows XP machine

Second, I need to "install" this onto my Ubuntu machine such that it when I visit a website via any browser on my Ubuntu machine that has a certificate issued by the CA, that I don't get a warning/have to add an exception.

I hope I have asked the question properly - please say if you don't understand.

Cheetah
  • 1,313

1 Answers1

1

Save the CA certificate to a file, in PEM format (the text format with BEGIN CERTIFICATE headers). If you have it in binary (DER) format, use openssl x509 -inform der to convert.

Make sure the file name has a .crt extension. Copy it to the /usr/local/share/ca-certificates directory and run update-ca-certificates. Finally, restart your web browser.

While both Chromium and Firefox have their own CA databases, on Linux they should pick up all certificates from the system-wide store nevertheless. But if they don't, you can use certtool to fix that, by installing the CA into your personal browser profile. (Both browsers use NSS format databases.)

For Chromium, the certificate database is always sql:$HOME/.pki/nssdb:

certutil -d "sql:$HOME/.pki/nssdb" -A -i ca.pem -n "My CA" -t "C,,"

For Firefox, use the profile directory instead; e.g. $HOME/.mozilla/firefox/ov6jazas.default (without the "sql:" prefix).

grawity
  • 501,077