Ubuntu: add a certificate from an internal certificate authority

In this tutorial, I will show you how to add the certificate of an internal CA on an Ubuntu machine.

In business, we often use an Enterprise Certification Authority, which allows us to generate certificates for applications, services, computers and users.

If you have servers under Ubuntu and you want, for example, to use scripts that use Curl and you do not want to use the -k parameter which allows you to bypass certificate verification, you will need install the CA root certificate.

If you have not already done so, export the CA certificate in base-64 encoded X.509 format.

You are in possession of your certificate, here on the capture the file CA-RDRIT.cer 1.

Open the certificate with a text editor and copy the content.

On the Ubuntu server, create a crt file to paste the content:

nano CA-RDRIT.crt

Then paste the content (the certificate encoded in base 64) and save.

I have my certificate on my Ubuntu machine:

Now we will copy the certificate into the folder /usr/local/share/ca-certificates/.

sudo cp CA-CERT.crt /usr/local/share/ca-certificates/

We check that the file is copied:

ls /usr/local/share/ca-certificates/

All that remains is to update the list of certificate authorities on Ubuntu:

sudo update-ca-certificates

In the screenshot, we can see that a certificate has been added.

You now know how to add a certificate from a certification authority on Ubuntu, no more reason to use parameters in the commands to “bypass” the certificate verification.

Leave a Comment