Debian as an example. Install the ca-certificates package:
apt-get install ca-certificatesYou then copy the public half of your untrusted CA certificate (the one you use to sign your CSR) into the CA certificate directory (as root):
cp cacert.crt /usr/share/ca-certificatesNOTE: Certificate needs to have .crt extension for it to be picked up.
And get it to rebuild the directory with your certificate included, run as root:
dpkg-reconfigure ca-certificatesand select the ask option, scroll to your certificate, mark it for inclusion and select ok.
Most browsers use their own CA database, and so tools like certutil have to be used to modify their contents (on Debian that is provided by the libnss3-tools package). For example, with Chrome you run something along the lines of:
certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n "My Homemade CA" -i /path/to/CA/cert.fileFirefox will allow you to browse to the certificate on disk, recognize it a certificate file and then allow you to import it to Root CA list.
Most other commands such as curl take command line switches you can use to point at your CA,
curl --cacert /path/to/CA/cert.file https://...or drop the SSL validation altogether
curl --insecure https://...The rest will need individual investigation if the ca-certificates like trick does not sort it for that particular application.