-
Notifications
You must be signed in to change notification settings - Fork 0
Trusting Your Root CA on Linux
These instructions will work for most Debian-based Linux distributions, such as Debian, Linux Mint, PopOS, Ubuntu, etc.
-
Ensure you have downloaded your Root CA
-
Perform the following commands in the Terminal:
sudo apt update
sudo apt install -y ca-certificates p11-kit
- Move into the folder where you downloaded your Start9 server’s Root CA (usually
~/Downloads
), and run the following commands to add your Start9 server’s CA certificate to the OS trust store:
cd ~/Downloads
sudo mkdir -p /usr/share/ca-certificates/umbrel
sudo cp "root-ca.crt" /usr/share/ca-certificates/umbrel/
sudo bash -c "echo 'umbrel/adjective-noun.crt' >> /etc/ca-certificates.conf"
sudo update-ca-certificates
In the output it should say 1 added
if it was successful. For most applications, you will now be able to securely connect via https
.
4. If you are using Firefox, complete this final step
If you are using Chrome or Brave, complete this final step
-
Ensure you have downloaded your Root CA
-
From the folder you have downloaded your Start9 server’s Root CA, run the following commands. If you have changed the certificate’s filename, be sure to change it here.
sudo pacman -S ca-certificates
sudo cp "root-ca.crt" /etc/ca-certificates/trust-source/anchors/
sudo update-ca-trust
Despite no output from the last command, you can test your app right away.
-
Ensure you have downloaded your Root CA
-
In
/etc/systemd/resolved.conf
, ensure you haveMulticastDNS=Yes
-
Restart systemd-resolved
sudo systemctl restart systemd-resolved
- From the folder you have downloaded your server’s Root CA, run the following commands. If you have changed the certificate’s filename, be sure to change it here.
sudo yum install ca-certificates
sudo cp "root-ca.crt" /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust