Adding Self-Signed PKI to Linux Trusted Certificate Authorities 🌱

Prerequisites

Exporting Certificates from XCA

  1. Launch XCA
  2. Open the PKI database if it is not already open (File > Open DataBase) and enter the password
  3. Click on the Certificates tab
  4. Right click the Intermediate CA certificate > Export > File
  5. Set the file name with a .crt extension and verify the export format is PEM (*.crt)
  6. Click OK
  7. Right click the Root CA certificate > Export > File
  8. Set the file name with a .crt extension and verify the export format is PEM (*.crt)
  9. Click OK

Trusting the CA Certificates in a Linux Environment

  1. Download WinSCP
  2. Extract WinSCP and run the executable
  3. Connect to the target Linux device via WinSCP
  4. Copy the created .crt files to ~/
  5. Log into the target Linux device (console or ssh)
  6. Run the following commands in a terminal window:
    sudo mkdir /usr/local/share/ca-certificates/self-signed
    sudo cp ~/root-ca.crt /usr/local/share/ca-certificates/self-signed
    sudo cp ~/intermediate-ca.crt /usr/local/share/ca-certificates/self-signed
    sudo update-ca-certificates
  7. Output stating "2 added" should display
  8. Run the following command in a terminal window and verify that the imported certificate authorities appear in the list:
    sudo ls /etc/ssl/certs
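
The following is an added example, not part of the original procedure: checks worth running on the copied files before `update-ca-certificates`, confirming each one has the `.crt` extension, is PEM-encoded, is a CA certificate, and that the intermediate actually chains to the root. The function names are hypothetical, and the demo certificates are throwaway ones constructed by the script; on a real host, point the functions at `~/root-ca.crt` and `~/intermediate-ca.crt`.

```shell
#!/bin/sh
# Added example: pre-install checks for exported CA files.

# check_ca_file FILE: succeed only for a *.crt, PEM-encoded CA certificate.
check_ca_file() {
    case "$1" in
        *.crt) ;;
        *) echo "FAIL $1: extension is not .crt" >&2; return 1 ;;
    esac
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" ||
        { echo "FAIL $1: not PEM (DER export?)" >&2; return 1; }
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE' ||
        { echo "FAIL $1: not a CA certificate" >&2; return 1; }
}

# ca_fingerprint FILE: SHA-256 fingerprint, for comparison with the value
# recorded at the source of the certificate.
ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# chain_ok ROOT INTERMEDIATE: the intermediate must verify against this root
# only (-no-CApath/-no-CAfile keep the system trust store out of the decision).
chain_ok() {
    openssl verify -no-CApath -no-CAfile -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_demo_pki DIR: constructed throwaway root + intermediate for the demo.
make_demo_pki() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' 'CN=Demo Root CA' '[v3_ca]' \
        'basicConstraints=critical,CA:TRUE' > "$1/ca.cnf"
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/root.key" -out "$1/root-ca.crt" 2>/dev/null &&
    openssl req -new -config "$1/ca.cnf" -subj '/CN=Demo Intermediate CA' \
        -newkey rsa:2048 -nodes -keyout "$1/int.key" -out "$1/int.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/int.csr" -CA "$1/root-ca.crt" -CAkey "$1/root.key" \
        -CAcreateserial -extfile "$1/ca.cnf" -extensions v3_ca -days 1 \
        -out "$1/intermediate-ca.crt" 2>/dev/null
}

# Demo run on the constructed certificates.
demo=$(mktemp -d) && make_demo_pki "$demo"
for f in "$demo/root-ca.crt" "$demo/intermediate-ca.crt"; do
    check_ca_file "$f" && echo "OK $f $(ca_fingerprint "$f")"
done
chain_ok "$demo/root-ca.crt" "$demo/intermediate-ca.crt" && echo "chain OK"
```

A file that fails the extension or PEM check would not be one of the "2 added" in step 7, so a lower count there points back to the export settings in XCA.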