I've got a self-signed SSL certificate in PEM format, I've put it everywhere, and run update-ca-trust as root, and it doesn't seem to get installed. I've tried {/etc,/usr{,/local}/share}/ca-certificates{,/trust-source{,/anchors}}, and a few others. I've tried naming *.pem, *.crt, and <openssl x509 -hash>.0. Converting it to DER. blah blah blah blah blah. So frustrated. What am I doing wrong?
What is the certificate meant for?
It doesn't really matter where you put it, but whatever service is to use it needs to have a setting in its configuration pointing to that file. For example, cert files are listed in /etc/http/conf/extra/http-vhosts.conf for apache (if you are using vhosts).
But have you looked into letsencrypt and certbot? I was (formerly) completely baffled by the whole process of getting and using CA certificates. I spent many frustrating weeks trying to get and use a self-signed certificate only to realize as I learned more how pointless a self-signed cert really was. Unfortunately at that time letsencrypt wasn't fully up and running and the only alternative was to pay some company an arm and a leg.
Now I use certbot with a letsencrypt cert, and it really couldn't be easier. It's actually much easier to get a proper cert through certbot than it is to create my own self-signed.
Of course, I could be totally misreading this, and perhaps you could mean you received a certificate from a third party for their service that they had self-signed. If that's the case, ignore all the certbot/letsencrypt stuff, but the point that it depends on the process/service configuration still holds. An example of this end is mbsync which would list certs in ~/.mbsyncrc.
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Yeah, it's not my certificate, and it's not installed on my server; a third-party(-ish) service (web server) already uses it. I want to install it primarily to remove the warning from my web browser, but less so to prevent a MitM attack. Do I need to install some certificate for the key they signed it with instead, or something like that? I did once use a self-signed cert on my own web server, and I think I managed to install that, so I'm very confused.
Last edited by Izzette (2016-11-16 14:15:33)
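A diagnostic for the question in the post above (is the served certificate its own trust anchor, or is the issuer's certificate the one to install?), added here as an example and not part of any post. The default bundle path, the function names and the return codes are assumptions; it needs the openssl CLI, 1.1.0 or newer.

```shell
#!/bin/sh
# Added example. BUNDLE_DEFAULT, function names and return codes are assumptions.
# Requires the openssl CLI (1.1.0 or newer for -no-CApath).

BUNDLE_DEFAULT=/etc/ca-certificates/extracted/tls-ca-bundle.pem

# True when subject and issuer hashes match and the signature verifies
# under the certificate's own key, i.e. the file is its own trust anchor.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
        openssl verify -no-CApath -CAfile "$1" "$1" >/dev/null 2>&1
}

# True when certificate $1 chains to an anchor found in PEM bundle $2.
# -no-CApath keeps the default hashed directory out of the decision.
trusted_by() {
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# Returns 0: trusted by the bundle; 1: self-signed but missing from it;
# 2: signed by another key, whose certificate is the one to install;
# 3: the file could not be parsed as a certificate.
diagnose() {
    cert=$1 bundle=${2:-$BUNDLE_DEFAULT}
    openssl x509 -in "$cert" -noout -subject -issuer -enddate || return 3
    if trusted_by "$cert" "$bundle"; then
        echo "OK: $bundle already trusts this certificate"
        return 0
    fi
    if is_self_signed "$cert"; then
        echo "Self-signed and not in $bundle: this file is the anchor to add"
        return 1
    fi
    echo "Not self-signed: the issuer's certificate is the anchor to add"
    return 2
}

# Usage: sh script.sh server.pem [bundle.pem]
if [ "$#" -ge 1 ]; then diagnose "$@"; fi
```

A result of 0 only covers programs that read the system bundle; a browser that keeps its own certificate store has to be checked there.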
OK, then this is a browser configuration - what browser?
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Actually, I think I may have figured out what was wrong, thanks anyways guys.
Actually, I think I may have figured out what was wrong, thanks anyways guys.
Oh, come on
https://wiki.archlinux.org/index.php/Co … way_street
Don't leave us hanging in suspense. This thread could be useful to the next person in this boat -- but, like way too many threads on the Internet, it is worthless unless you share the solution
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
The shortest way to ruin a country is to give power to demagogues.— Dionysius of Halicarnassus
---
How to Ask Questions the Smart Way