Local certificates

From Gentoo Wiki
Jump to: navigation, search

Systemwide certificates

To add a certificate (for example your or your organization's internal CA certificate) to the systemwide list of trusted certificates, place the new certificate in /usr/local/share/ca-certificates/.

root #mkdir -p /usr/local/share/ca-certificates/
root #cp path/to/my.crt /usr/local/share/ca-certificates/

Make sure users have necessary read access to the directory/certificates, or users won't trust them due to read failures. Also make sure untrusted users don't have write access!

Then either run
root #update-ca-certificates
or rebuild app-misc/ca-certificates with
root #emerge -1 app-misc/ca-certificates
to add the certificates to /etc/ssl/certs/.

Chromium

Chromium (like many other web browsers) do not use the systemwide CA certificate list.

You need to open chrome://settings/certificates then choose Authorities tab and import your CA certificate.

See also