Local certificates

From Gentoo Wiki
Jump to:navigation Jump to:search

Systemwide certificates

To add a certificate (for example your or your organization's internal CA certificate) to the systemwide list of trusted certificates, place the new certificate in /usr/local/share/ca-certificates/. Be sure, that certificate name ends with .crt (and not with .pem).

root #mkdir -p /usr/local/share/ca-certificates/
root #cp path/to/my.crt /usr/local/share/ca-certificates/

Make sure users have necessary read access to the directory/certificates, or users won't trust them due to read failures. Also make sure untrusted users don't have write access!

Then either run

root #update-ca-certificates

or rebuild app-misc/ca-certificates with

root #emerge -1 app-misc/ca-certificates

to add the certificates to /etc/ssl/certs/.


Chromium (like many other web browsers) do not use the systemwide CA certificate list.

You need to open chrome://settings/certificates then choose Authorities tab and import your CA certificate.

See also