Import Non trusted certificates to local trusted certificate store

Description:

---

This article will walk through importing a third party not trusted certificate into a linux server, allowing the server to trust the certificate as it would a legitimately purchased trusted certificate.

Pre-Requisites:

---

A third party self signed or non trusted certificate has already been generated on the service handling server, and has been SCPed over to the client server's /tmp directory

More information on generating a self signed certificate can be found here

NOTICE:

For this scenario, we will assume that we are using a local Gitlab instance, with a self signed certificate

Test the Certificate

---

From the client machine, test the validity of the certificate on the service providing server (Gitlab)

openssl s_client -showcerts -connect gitlab.yourdomain.tld:443

Start Time: 1469810110
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)

Import the certificate

---

  RHEL   &     CentOS:

mv /tmp/gitlab.yourdomain.tld.crt /etc/pki/ca-trust/source/anchors/

update-ca-trust

  Debian   &     Ubuntu:

mv /tmp/gitlab.yourdomain.tld.crt /usr/local/share/ca-certificates/

update-ca-certificates

Updating certificates in /etc/ssl/certs... 2 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.

Re-Test the Certificate

---

From the client machine, test the validity of the now imported certificate on the service providing server (Gitlab)

openssl s_client -showcerts -connect gitlab.yourdomain.tld:443

Start Time: 1469810954
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

Remove Imported Certs

---

  RHEL   &     CentOS:

rm /etc/pki/ca-trust/source/anchors/gitlab.yourdomain.tld.crt

update-ca-trust

  Debian   &     Ubuntu:

rm /etc/ssl/certs/gitlab.yourdomain.tld.crt

update-ca-certificates

Post Requisites:

---

None

References:

---

clusterfrak.com