Join Log in
Score:0
LittleRossi avatar Ubuntu

Installation of intermediate certificate not working for command line tools

in flag
LittleRossi

TL;DR: No description on how to install a intermediate certificate works under Ubuntu 18.04. Any suggestions?

Before marking this as a duplicate of How do I install a root certificate? or any other instruction on installing certificates, please read my problem and try to find a solution.

I tried to install the certificate of my proxy an a Ubuntu 18.04 machine in every combination of steps possible:
Step 1: Download the proxy certificate via firefox warning in PEM-format (-----BEGIN/END CERTIFICATE-----). It is the intermediate certifcate of the proxy signed by a root CA.
Step 2: Either just nename the file (mv proxy.pem proxy.crt) or doing this with openssl (openssl x509 -outform PEM -in proxy.pem -out proxy.crt). Now I have a certificate with .crt ending and PEM-format as told by Installing a root CA certificate in the trust store. I also tried DER format, but neither worked.
Step 3: Copying the certificate to /usr/share/ca-certificates/ or /usr/local/share/ca-certificates/
Step 4: Using dpkg-reconfigure ca-certificates or update-ca-certificates to update the certificate store
Step 5: Check /etc/ssl/certs/, if proxy certificate is there. There are always two links like:

15af16f2.0 -> proxy.pem
proxy.pem -> /usr/share/ca-certificates/proxy.crt

The path to the certificate is always correct, but can also be /usr/local/... depending on previous step.

In my opinion the certificate should be installed and working. But when I try to connect to any website via wget or curl, they both create errrors:
wget:

ERROR: cannot verify www.google.com's certificate, issued by 'CN=......': unable to get issuer certificate

curl:

curl: (60) SSL certificate problem: unable to connect to get issuer certificate

It isn't even working with wget --ca-certificate=/path/to/proxy.pem https://www.google.com

However apt has one https:\\... repo and is working.
The installation of the same certificate on Ubuntu 20.04 was working like a charm.
The software is up to date on all instances.

Any suggestions on what to try next, where to look for more information, or my error in the process?

32
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.