| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 |
- <!DOCTYPE html>
- <html lang="en" xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <title>Adding Self-Signed PKI to Linux Trusted Certificate Authorities</title>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <meta charset="UTF-8">
- <meta name="keywords" content="Home Lab,Home Lab Ideas,Install Guide,PKI,Public Key Infrastructure,SSL,SSL Certificates,Self-Signed,Self-Signed Certificate,Self-Signed HTTPS,Self-Signed PKI,Self-Signed SSL,X Certificate And Key Management,XCA,X Certificate Key Manager,Certificates,Certificate Authority,HTTPS,Linux,Debian,How To Add Self-signed Certificates To Linux,How To,Tutorial,i12bretro">
- <meta name="author" content="i12bretro">
- <meta name="description" content="Adding Self-Signed PKI to Linux Trusted Certificate Authorities">
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- <meta name="revised" content="12/28/2022 07:13:03 AM" />
- <link rel="icon" type="image/x-icon" href="includes/favicon.ico">
- <script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
- <script type="text/javascript" src="includes/js/steps.js"></script>
- <link href="css/steps.css" rel="stylesheet" type="text/css" />
- </head>
- <body>
- <div id="gridContainer">
- <div class="topMargin"></div>
- <div id="listName" class="topMargin">
- <h1>Adding Self-Signed PKI to Linux Trusted Certificate Authorities</h1>
- </div>
- <div></div>
- <div id="content">
- <h2>Prerequisites</h2>
- <ul>
- <li class="noCheckbox">A XCA PKI database <a href="https://youtu.be/ezzj3x207lQ" target="_blank">https://youtu.be/ezzj3x207lQ</a></li>
- </ul>
- <h2>Exporting Certificates from XCA</h2>
- <ol>
- <li>Launch XCA</li>
- <li>Open the PKI database if it is not already (File > Open DataBase), enter password</li>
- <li>Click on the Certificates tab</li>
- <li>Right click the Intermediate CA certificate > Export > File</li>
- <li>Set the file name with a .crt extension and verify the export format is PEM (*.crt)</li>
- <li>Click OK</li>
- <li>Right click the Root CA certificate > Export > File</li>
- <li>Set the file name with a .crt extension and verify the export format is PEM (*.crt)</li>
- <li>Click OK</li>
- </ol>
- <h2>Trusting the CA Ceritificates in a Linux Environment</h2>
- <ol>
- <li>Download WinSCP <a href="https://winscp.net/eng/downloads.php" target="_blank">Download</a></li>
- <li>Extract WinSCP and run the executable</li>
- <li>Connect to the target Linux device server via WinSCP</li>
- <li>Copy the created .crt files to ~/</li>
- <li>Log into the target Linux device (console or ssh)</li>
- <li>Run the following commands in a terminal window:
- <div class="codeBlock">sudo mkdir /usr/local/share/ca-certificates/self-signed<br />
- sudo cp ~/root-ca.crt /usr/local/share/ca-certificates/self-signed<br />
- sudo cp ~/intermediate-ca.crt /usr/local/share/ca-certificates/self-signed<br />
- sudo update-ca-certificates</div>
- </li>
- <li>An ouput stating 2 added should display</li>
- <li>Run the following command in a terminal window and verify the imported certificate authorities display in the list
- <div class="codeBlock">sudo ls /etc/ssl/certs</div>
- </li>
- </ol> </div>
- </div>
- </body>
- </html>
-
|
