-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathcertificate-management.ad
47 lines (25 loc) · 1.01 KB
/
certificate-management.ad
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
= Certificate management
Search keywords: SSL, TLS, certificate, CA, root
== Operating System
=== [Arch] Linux
NOTE: `update-ca-trust` used to be called `update-ca-certificates` and might
still be called this way in other distros.
CA Trust store is system wide. Info can be found in `update-ca-trust` man
page.
==== Add to store
Convert to PEM
openssl x509 -in ~/Downloads/rootCA.crt -inform DER -outform PEM -out ~/Downloads/rootCA.pem
Copy to store
sudo cp ~/Downloads/rootCA.pem /etc/ca-certificates/trust-source/anchors/
Update trust
sudo update-ca-trust extract
==== Remove from store
sudo rm /etc/ca-certificates/trust-source/anchors/rootCA.pem
sudo update-ca-trust extract
== Chrome
=== List all Certs from your local db
$ certutil -d sql:$HOME/.pki/nssdb -L
=== Add a trusted CA certificate
$ certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n "NorthSec Internal Web CA" -i ca.crt
=== Delete a certificate
$ certutil -d sql:$HOME/.pki/nssdb -D -n "NorthSec Internal Web CA"