unable to verify the first certificate
To import your self-signed CA to Ubuntu's certificate root list, you have to configure ca-certificates
:
First, make a directory called /usr/share/ca-certificates/extra
:
sudo mkdir /usr/share/ca-certificates/extra`
Then, copy your CA certificate to the directory:
sudo cp /etc/ssl/certs/xiedeaccca.crt /usr/share/ca-certificates/extra/xiedeaccca.crt
Finally, reconfigure ca-certificates
:
sudo dpkg-reconfigure ca-certificates
Press Space
to select your self signed CA certs, and you should be done.
user3054879
Updated on September 18, 2022Comments
-
user3054879 over 1 year
I use openssl to create a self signed CA cert on ubuntu gnome 16.04, and use this CA cert to sign a cert for postfix and httpd, but when using tls to connect postfix, the command was:
openssl s_client -connect xiedeacc.com:587 -starttls smtp
it will complaint
and it returns:
verify error:num=21:unable to verify the first certificate Verify return code: 21 (unable to verify the first certificate)
but when changing the command to
openssl s_client -connect xiedeacc.com:587 -starttls smtp -CAfile /etc/ssl/certs/xiedeaccca.crt
the output was all right, no problem, so I guess it's openssl s_client cannot find this self signed CA, but chrome can visit this CA signed website after I manually import it into chrome cert root list. So, how to import it to Ubuntu's certificate root list but not just Chrome's root cert list ? Does Ubuntu store CA certs like windows?
-
user3054879 over 6 yearsthanks, that's what I exactly need, but there still a problem, now, my self CA certs was on reconfigure list, how to choosen my self CA, I have tried enter, or press M, Y, all failed,
-
Cynplytholowazy over 6 yearsWhat do you actually mean? Post your terminal output by editing your question.
-
user3054879 over 6 yearsnotice, though my CA cert was on list, but it wasn't choosen, I tried enter M, Y to choose it, all failed?
-
Cynplytholowazy over 6 yearsI just edited: Press space to select.