Successfully tested on Ubuntu Server 12.04 LTS 64-bit

SSL/TLS certificates are everywhere. Whether you connect to your online bank account, setup an FTPS server or sign your applications, you use SSL/TLS certificates. All these certificates have been issued by a certification authority (CA) which your operating system must recognize as a trusted third party. This recognition relies on the CA certificate installation.

In the following example, we’ll install the Class 1 Primary Intermediate Server CA certificate from StartCom, a CA particularly known to supply free domain validated certificates (see StartSSL website for more information). As StartCom Root CA certificate is already installed by default in /usr/share/ca-certificates/mozilla, we’ll use the same path for its intermediate CA certficate.

First, download the certificate:

sudo wget https://www.startssl.com/certs/sub.class1.server.ca.pem -O /usr/share/ca-certificates/mozilla/StartCom_Class_1_Primary_Intermediate_Server_CA.crt

 
Then, add the path to this new certificate (relative to /usr/share/ca-certificates) in /etc/ca-certificates.conf:

mozilla/StartCom_Class_1_Primary_Intermediate_Server_CA.crt

 
Finally, now that everything is in place, just launch:

sudo update-ca-certificates

 
to complete the installation. During this process, /etc/ssl/certs folder’s content will be updated to hold the SSL certificates and ca-certificates.crt, a concatenated single-file list of certificates.

That’s all Folks!


For further reading, refer to Ubuntu manuals.

Advertisements