Trusting Server Certificates on Linux
On Linux, you can import a trusted certificate into the system's certificate store as shown below.
Perform the following steps only if you are sure of the authenticity of the certificate you want to trust. |
On Debian and Ubuntu, follow the steps below:
1.Copy the certificate file of the Web server to the following directory.
sudo cp /home/downloads/server_cert.crt /usr/local/share/ca-certificates/ |
2.Update the certificate store as follows:
sudo update-ca-certificates |
On CentOS, follow the steps below:
1.Install the ca-certificates package:
yum install ca-certificates |
2.Enable the dynamic certificate authority configuration feature:
update-ca-trust enable |
3.Copy the server certificate to the following directory:
cp server_cert.crt /etc/pki/ca-trust/source/anchors/ |
4.Use the command:
update-ca-trust extract |
For cases where you need to access the server only through the browser, it is sufficient to import the certificate into the browser certificate store. The exact instructions will vary for each browser. For example, in Firefox 59.0.2, you can do this as follows:
1.Under Options | Privacy & Security, click View Certificates.
2.On Authorities tab, click Import and browse for the root certificate file created previously.
3.When prompted, select Trust this CA to identify websites.
