Installing a CA certificate on Ubuntu


Successfully tested on Ubuntu Server 12.04 LTS 64-bit

SSL/TLS certificates are everywhere. Whether you connect to your online bank account, set up an FTPS server or sign your applications, you use SSL/TLS certificates. All these certificates have been issued by a certification authority (CA) which your operating system must recognize as a trusted third party. This recognition depends on the CA certificate being installed.

In the following example, we’ll install the Class 1 Primary Intermediate Server CA certificate from StartCom, a CA particularly known for supplying free domain-validated certificates (see the StartSSL website for more information). As the StartCom Root CA certificate is already installed by default in /usr/share/ca-certificates/mozilla, we’ll use the same path for its intermediate CA certificate.

First, download the certificate:

sudo wget https://www.startssl.com/certs/sub.class1.server.ca.pem -O /usr/share/ca-certificates/mozilla/StartCom_Class_1_Primary_Intermediate_Server_CA.crt

 
Then, add the path to this new certificate (relative to /usr/share/ca-certificates) in /etc/ca-certificates.conf:

mozilla/StartCom_Class_1_Primary_Intermediate_Server_CA.crt

 
Finally, now that everything is in place, just launch:

sudo update-ca-certificates

 
to complete the installation. During this process, the content of the /etc/ssl/certs folder is updated to hold the SSL certificates and ca-certificates.crt, a single file that concatenates all the certificates.
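The steps above trust whatever file the download returns. One way to pin the certificate's SHA-256 fingerprint before it reaches the trust store, as an added example that is not part of the original post. It assumes the expected fingerprint was obtained from the CA out of band; the function names and the sample file names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pin a CA certificate's SHA-256 fingerprint before trusting it.
# All paths and the expected fingerprint are caller-supplied (assumptions).

# SHA-256 of the DER bytes of the first certificate in a PEM file: the value
# `openssl x509 -noout -fingerprint -sha256` shows, lowercase and without colons.
pem_sha256() {
    local body
    body=$(tr -d '\r' < "$1" |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' |
        sed '/-----END CERTIFICATE-----/q' | grep -v -- '-----') || return 1
    printf '%s\n' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Enable ENTRY in a ca-certificates.conf-style file. Idempotent; a "!ENTRY"
# line (a deselected certificate) is replaced rather than left to linger.
conf_enable() {
    local conf=$1 entry=$2
    grep -qxF -- "$entry" "$conf" && return 0
    { grep -vxF -- "!$entry" "$conf" || true; printf '%s\n' "$entry"; } > "$conf.new"
    cat "$conf.new" > "$conf" && rm -f "$conf.new"
}

# install_ca SRC EXPECTED_SHA256 SHARE_DIR CONF ENTRY
# Copies SRC to SHARE_DIR/ENTRY and enables it only when the fingerprint matches.
install_ca() {
    local src=$1 want=$2 share=$3 conf=$4 entry=$5 got
    got=$(pem_sha256 "$src") || { echo "no certificate in $src" >&2; return 2; }
    want=$(printf '%s' "$want" | tr -d ': ' | tr 'A-F' 'a-f')
    if [ "$got" != "$want" ]; then
        echo "fingerprint mismatch for $src: got $got" >&2
        return 1
    fi
    mkdir -p "$(dirname "$share/$entry")"
    install -m 0644 "$src" "$share/$entry"
    conf_enable "$conf" "$entry"
}

# Demo on constructed input in a scratch directory: run the script with "demo".
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    { echo '-----BEGIN CERTIFICATE-----'; printf 'constructed sample' | base64
      echo '-----END CERTIFICATE-----'; } > "$d/ca.pem"
    printf '!mozilla/Sample_CA.crt\n' > "$d/conf"
    fp=$(printf 'constructed sample' | sha256sum | cut -d' ' -f1)
    install_ca "$d/ca.pem" "$fp" "$d/share" "$d/conf" mozilla/Sample_CA.crt
    cat "$d/conf"; rm -rf "$d"
fi
```

On a real system, run install_ca as root against /usr/share/ca-certificates and /etc/ca-certificates.conf, then run update-ca-certificates as in the last step.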

That’s all Folks!


For further reading, refer to the Ubuntu manuals.

Useful commands #1: Preventing the update of a package


Successfully tested on Ubuntu Server 12.04 LTS 64-bit

Doing frequent updates of your favorite OS and programs is always recommended. Not only does it allow you to take advantage of new features but it also minimizes the security risks by correcting the possible flaws spotted since the installation or the previous update.

In Ubuntu, software updates can be either automatic (see Automatic Updates in the official documentation for details) or… manual. If you choose to go the manual way, you’ll have to make sure to do the updates yourself on a regular basis (Ubuntu’s welcome screen tells you when updates are available) using two commands:

sudo apt-get update

 
first, to re-synchronize the package index files from their sources (the repositories are listed in /etc/apt/sources.list), followed by:

sudo apt-get upgrade

 
to finally install the newest versions of all packages currently installed on the system.

This full update in one shot is very handy of course, but what if you don’t want to update a specific package? For instance, let’s say you patched and rebuilt a program for whatever reason and you don’t want it to be replaced by the latest official version. What to do? This is where today’s useful command comes in:

sudo apt-mark hold package_name

 
Now this package will not be updated, either automatically or manually, as long as it is in “hold” status. To display this status, you can use:

dpkg --get-selections | grep "package_name"

 
Finally, the day you decide to allow the upgrade to the latest version available in the official repository, just type:

sudo apt-mark unhold package_name

 
to put the package back on “install” status.

That’s all Folks!


For further reading, take a look at Package Management in Ubuntu’s official documentation.

Ubuntu Server system administration made easier: Webmin


Successfully tested on Ubuntu Server 10.04 LTS 64-bit

Tired of being a command-line master? You would like to do Ubuntu Server administration tasks using some kind of GUI? DO NOT install Ubuntu’s desktop environment. Install Webmin instead.

The easiest way to install Webmin on Ubuntu is by using the official Webmin APT repository. First, create a new /etc/apt/sources.list.d/webmin.list file containing the following lines:

## Webmin repository
deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib

 
Next, get the repository GPG key

wget http://www.webmin.com/jcameron-key.asc

 
and add it to your trusted keys list:

apt-key add jcameron-key.asc

 
Finally, resynchronize the list of available packages

apt-get update

 
and install Webmin:

apt-get install webmin

 
Now, you should be able to log in to Webmin at https://webmin_server_hostname:10000 using any existing sudoer account and discover the many possibilities of this wonderful tool.

That’s all Folks!


For further reading, see the Webmin website.