Debian as an example. Install the ca-certificates
package:
apt-get install ca-certificates
You then copy the public half of your untrusted CA certificate (the one you use to sign your CSR) into the CA certificate directory (as root):
cp cacert.crt /usr/share/ca-certificates
NOTE: Certificate needs to have .crt
extension for it to be picked up.
And get it to rebuild the directory with your certificate included, run as root:
dpkg-reconfigure ca-certificates
and select the ask
option, scroll to your certificate, mark it for inclusion and select ok.
Most browsers use their own CA database, and so tools like certutil
have to be used to modify their contents (on Debian that is provided by the libnss3-tools
package). For example, with Chrome you run something along the lines of:
certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n "My Homemade CA" -i /path/to/CA/cert.file
Firefox will allow you to browse to the certificate on disk, recognize it a certificate file and then allow you to import it to Root CA list.
Most other commands such as curl
take command line switches you can use to point at your CA,
curl --cacert /path/to/CA/cert.file https://...
or drop the SSL validation altogether
curl --insecure https://...
The rest will need individual investigation if the ca-certificates
like trick does not sort it for that particular application.