Adding Self-Signed PKI to Linux Trusted Certificate Authorities 🌱

Exporting Certificates from XCA

  1. Launch XCA
  2. Open the PKI database if it is not already (File > Open DataBase), enter password
  3. Click on the Certificates tab
  4. Right click the Intermediate CA certificate > Export > File
  5. Set the file name with a .crt extension and verify the export format is PEM (*.crt)
  6. Click OK
  7. Right click the Root CA certificate > Export > File
  8. Set the file name with a .crt extension and verify the export format is PEM (*.crt)
  9. Click OK

Trusting the CA Ceritificates in a Linux Environment

  1. Download WinSCP Download
  2. Extract WinSCP and run the executable
  3. Connect to the target Linux device server via WinSCP
  4. Copy the created .crt files to ~/
  5. Log into the target Linux device (console or ssh)
  6. Run the following commands in a terminal window:
    sudo mkdir /usr/local/share/ca-certificates/self-signed
    sudo cp ~/root-ca.crt /usr/local/share/ca-certificates/self-signed
    sudo cp ~/intermediate-ca.crt /usr/local/share/ca-certificates/self-signed
    sudo update-ca-certificates
  7. An ouput stating 2 added should display
  8. Run the following command in a terminal window and verify the imported certificate authorities display in the list
    sudo ls /etc/ssl/certs