Thursday, April 27, 2017

Add a self-issued CA to the Linux and Firefox trusted CA stores

*** add to linux ***
1- for example, we have ca.crt, so copy it to the CA directory
$ sudo cp ca.crt /usr/share/ca-certificates/mozilla/myca.crt

2- use the following command to rebuild the trusted CA bundle (it needs root)
$ sudo update-ca-certificates

3- then use the command below to list the subject of every CA in the bundle and check that the newly installed CA is there
$ awk -v cmd='openssl x509 -noout -subject' '
    /BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt

4- to remove it, delete the file myca.crt from /usr/share/ca-certificates/mozilla/, then issue the command below
$ sudo update-ca-certificates --fresh

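5- to verify the CA, connect to a server whose certificate it issued (<host>:<port> is a placeholder for that server)
$ openssl s_client -connect <host>:<port> -CApath /usr/share/ca-certificates/mozilla/

if the output ends as below, verification succeeded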
Start Time: 1493311519
Timeout   : 300 (sec)
Verify return code: 0 (ok)
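
The subject listing in step 3 has to be read by eye, and two certificates can carry the same subject. The script below is an added example, not part of the original post: it checks by SHA-256 fingerprint whether one specific certificate is in a bundle, which also confirms the removal in step 4. The function names, the file name check_ca.sh and the throwaway certificates generated in selftest are constructed for illustration.

```sh
#!/bin/sh
# Added example: is a given CA certificate in a PEM bundle? Match by SHA-256
# fingerprint, since subject names are not unique.
# Usage: sh check_ca.sh ca.crt /etc/ssl/certs/ca-certificates.crt
# (check_ca.sh is a hypothetical file name)

# SHA-256 fingerprint of a single PEM certificate file (empty if unreadable).
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# One fingerprint per certificate in a bundle, using the same awk split as step 3.
bundle_fps() {
    awk -v cmd='openssl x509 -noout -fingerprint -sha256 2>/dev/null' '
        /BEGIN/{close(cmd)};{print | cmd}' < "$1" | cut -d= -f2
}

# Returns 0 if present, 1 if absent, 2 if the certificate cannot be read.
ca_in_bundle() {
    fp=$(cert_fp "$1")
    [ -n "$fp" ] || return 2
    bundle_fps "$2" | grep -qxF "$fp"
}

# Self-check on constructed data: two throwaway self-signed certificates,
# one bundle that contains "myca" and one that does not.
selftest() {
    d=$(mktemp -d) || return 1
    for n in myca other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=constructed $n" \
            -keyout "$d/$n.key" -out "$d/$n.crt" 2>/dev/null || return 1
    done
    cat "$d/other.crt" "$d/myca.crt" > "$d/with.pem"
    cp "$d/other.crt" "$d/without.pem"
    ca_in_bundle "$d/myca.crt" "$d/with.pem" &&
        ! ca_in_bundle "$d/myca.crt" "$d/without.pem"
    rc=$?
    rm -rf "$d"
    return $rc
}

# Stand-alone use: report on the certificate and bundle given as arguments.
if [ "$#" -eq 2 ]; then
    if ca_in_bundle "$1" "$2"; then echo "present"; else echo "absent or unreadable"; fi
fi
```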

**** add to firefox ****

1- first we have to add the certificates for one user (sample), manually (GUI)
edit --> preferences --> advanced --> certificates --> view certificates --> import

2- after that we copy the files cert8.db, key3.db and secmod.db from that user's profile (~/.mozilla/firefox/randomnumber.default) to the target user's Firefox profile directory

3- then restart Firefox

below is a screenshot of Firefox trusting the self-issued CA

