How to install CA (SSL) Certificates in Ubuntu Server?
How to install CA Certificates in Ubuntu Server?

05/23/2020 by admin with 0 comments

How to install CA (SSL) Certificates in Ubuntu Server?

Getting trouble in CA Certificate Installation is no fun, neither for you nor for me; however, is the installation necessary for an Ubuntu Server. If you want to know how it works in just a few commands, then go through this blog.


Certificate Authority Certificates have to be dealt with if you are a web network or security admin.


What about those who have been charged with the management of the CA Certificates?

Spending time on such CA Certificates is just a hassle for them.


This blog monitors your mind to be at ease. Because the moment the CA Certificates interacts with the Ubuntu Server, nothing seems that challenging.


Creating the thing in an easy way….


You involve the content of this blog because it contains the demonstration on how to install root CA Certificates. Get ready to install the certificate on Ubuntu Server 18.04. I have a plan for the unsure ones. How a root certificate get itself linked with the trusted certificate authority? It’s just a sign is created by the trusted certificate authority. The global sign gives insurance for the purchase of such certificate authorities.


Why should you include this?

Setting application or services is no surprise when installed on Ubuntu Server. These applications or services are kept on the proper guarantee of the functioning of authorized SSL Connections. An application like Apache has a backup plan on CAs. This makes them capable of serving HTTPS Connections.

Microsoft Exchange SAN UCC SSL

Certificate files need to be used and for that configuration of apps and services is required. So the CA must be trained to be in place.


Why is the process not independent?

To get the work done, you must allow the following:

The anticipation of Running Ubuntu Server 18.04

The purchase of root CA must be made from a trusted CA.

The user account should last with Sudo privileges.

You can easily go for the installation process once these items are ready.


Before you think about anything, remember no process is worth performing first than the installation of the CA-Certificates package. Big likes for authentication of SSL connections here, as SSL-based applications are permitted by this tool. The installation of this piece of software lies between the opening of the terminal window and the insurance of the command.

The following syntax is needed for issuing the command-

sudo apt-get install ca-certificates -y

Copying files

You cannot just go for the conversion step if you have not copied the .cer or .crt file into the proper location. At the second stage, copying needs to be done with the following command-

sudo cp CERTIFICATE.crt /usr/local/share/ca-certificate

You are going to straight divert your attention to the certificate files on the Ubuntu Server. Your file must be tagged with the name CERTIFICATE and that must be copied.

Conversion from PEM

Certificate conversion to .crt extension needs to be done if its in the PEM file. You need to use the OpenSSL command for this-

openssl x509 -outform der -in CERTIFICATE.pem -out CERTIFICATE.crt

CERTIFICATE is the name your file must be embedded with.

At the conversion stage, the PEM File is converted to .crt.After the completion of these steps, the files can be shifted to the required directory.

Updating the certificate

At this stage, the updation of the certificate takes place. However, it just needs a single command for the process. The CA Certificates are monitored with the .crt file extension that is just a single command that generates this concatenated list of installed certificates.


If you ought to run the command, then you need the following syntax-

sudo update-ca-certificates

Also, the good news is you have finished with the process.CA Certificate File is now very much working and is in fact set in its proper location. SSL applications can now tolerate the usage of such CAs.

While you may be wondering whether the CAs are being recognized, the answer is no.

How do you define update-CA-certificates?

Even if the program updates the directory /etc/SSL/certs, the main function is to hold SSL Certificates. Do remember that generating, ca-certificates.crt is generating a concatenated single-file list of certificates. If so, the file is read as /etc/ca-certificates.conf.


The same is true for each line giving a path name of CA Certificate that is /usr/share /ca-certificates. Your trust should be based on only such certificates. If you are unsure, you can pay attention to those lines that begin with #. These lines serve as comment lines and are thus ignored.

What happens with lines that begin with “!”? Deselection of such lines takes place. You are in fact adjusting yourself with the deactivation of CA Certificates. Those certificates that are acclimated to the .crt extension can be included in the update-ca-certificates list.


It must also be added to your mind storage bank that certificates with .crt extension are under /usr/local/share/ca-certificates. Couple your trust for such certificates!


When you reach the termination stage, always remember that update-ca-certificates are to be invoked under run parts, such as

/etc/ca-certificates/updated. Some are added and they have the prefix a+, some are removed and they have the prefix a-.

What you must remember?

If you are looking for a configuration file, then it has the syntax, /etc/ca-certificates.conf.


Some files hold all the CA Certificates that was activated in /etc/ca-certificates.conf. Here is the syntax of that single version file of CA Certificates.

This command is a directory of CA Certificates.


Last but not least, the directory of local CA Certificates comes with the .crt extension and uses the command-



What’s the other alternative for searching CA Certificates in Ubuntu?

Have yourself accessed to /usr/local/share/ca-certificates/.

The folder should be created with the name “sudomkdir school“.

Now you can easily copy the .crt file to the folder that you have made.

You can easily go ahead with the fifth stage if the permissions are OK.(755 for the folder,644 for file).

In the fifth stage, you are eligible to run the “sudo update-ca-certificates“.

Leave Comment