Ubuntu – How to get the ca-certificates.crt

certificatesdocker

My docker get error "x509 certificate signed by unknown authority" and then i find that my ubuntu contianer missing file ca-certificates.crt on /etc/ssl/certs/ or /usr/local/share/certificates/. The solution of this error is add ca-certificates.crt to the */usr/local/share/certificates/** folder and run update-ca-certificates command. But my problem is I dont know where to get that .crt file.

Best Answer

To get certificates, run similar to the next command:

openssl req -newkey rsa:2048 -nodes -keyout nginx/my-site.com.key -x509 -days 365 -out nginx/my-site.com.crt

Also, you could use these instructions:

DAYS=1460
PASS=$(openssl rand -hex 16)

# remove certificates from previous execution.
rm -f *.pem *.srl *.csr *.cnf


# generate CA private and public keys
echo 01 > ca.srl
openssl genrsa -des3 -out ca-key.pem -passout pass:$PASS 2048
openssl req -subj '/CN=*/' -new -x509 -days $DAYS -passin pass:$PASS -key ca-key.pem -out ca.pem

Related Solutions

Ubuntu – How to add an SSL client certificate/key globally in Ubuntu

You would need to install your cert under: /etc/ssl/certs. It would need to have the .crt extension. Your application would need to be configured to look in the /etc/ssl/certs path for the certs, but it should work. I have Fetchmail configured to pull reference /etc/ssl/certs.

Ubuntu – How to add a CA at an Ubuntu Phone

According to the syncevolution doc, the location of the certificates used to authenticate the server is configurable through 'SSLServerCertificates' configuration property.

This property is set by the 'config.ini' files in the home directory:

phablet@ubuntu-phablet:~$ grep -rIn SSLServerCertificates .config/syncevolution/
.config/syncevolution/default/peers/google-calendar-2/config.ini:# SSLServerCertificates = /etc/ssl/certs/ca-certificates.crt:/etc/pki/tls/certs/ca-bundle.crt:/usr/share/ssl/certs/ca-bundle.crt
.config/syncevolution/default/peers/google-contacts-2/config.ini:# SSLServerCertificates = /etc/ssl/certs/ca-certificates.crt:/etc/pki/tls/certs/ca-bundle.crt:/usr/share/ssl/certs/ca-bundle.crt
.config/syncevolution/google-calendar-2/peers/target-config/config.ini:# SSLServerCertificates = /etc/ssl/certs/ca-certificates.crt:/etc/pki/tls/certs/ca-bundle.crt:/usr/share/ssl/certs/ca-bundle.crt
.config/syncevolution/google-contacts-2/peers/target-config/config.ini:# SSLServerCertificates = /etc/ssl/certs/ca-certificates.crt:/etc/pki/tls/certs/ca-bundle.crt:/usr/share/ssl/certs/ca-bundle.crt

So, you can add or edit these configs to additionally point to some .crt in the home dir (which is writable).

Best Answer

Related Solutions

Ubuntu – How to add an SSL client certificate/key globally in Ubuntu

Ubuntu – How to add a CA at an Ubuntu Phone

Related Question