Add Trusted Root CA certificate on Ubuntu
Do you need to add a custom trusted root CA on Ubuntu, and somehow always forget the correct procedure? Here's a quick reminder to use as reference!
Certificates need to be in PEM (textual) format, with the .crt extension. Use the
file command to tell if the certificate file is using the DER (binary) format:
$ file -b my-root-ca.cer data
file command returns "data", or anything other than "PEM certificate", then convert it using OpenSSL:
openssl x509 -inform der -in my-root-ca.cer -out my-root-ca.crt
The .cer and .der file extensions are normally used for binary encoding, but the .crt file extension is used for both binary and textual encodings. Ensure that the resulting certificate uses PEM encoding with the .crt file extension:
$ file -b my-root-ca.crt PEM certificate
Move the certificate file to '/usr/local/share/ca-certificates/' and then call
sudo mv my-root-ca.crt /usr/local/share/ca-certificates/ sudo update-ca-certificates
That's it, your root CA certificate should now be trusted system-wide!