Followed what appears to be the standard procedure to add a cert to the Linux trust, and it seems to add the cert:
$ sudo cp foo.crt /usr/local/share/ca-certificates/foo.crt`
$ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
However curl
and wget
refuse to connect to a server with that cert, with these errors:
verify error: Unable to get local issuer certificate
Unable to locally verify the issuer's authority
(It connects if verification is disabled with curl -k
, but this is not a solution.)
The certificate itself was created using this command, and is used to enable SSL on a local Gitlab instance (nginx):
$ openssl req -x509 -days 365 -newkey rsa:1024 -keyout bar.pem -nodes -out foo.crt -config openssl_conf
where openssl_conf
is:
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = XX
ST = XX
L = XXX
O = XXXX
OU = XXXX
CN = ...
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
IP.1 = XX.XX.X.X