Installing a Certificate Authority system wide


When Enough creates a service on a private network it can’t rely on letsencrypt and needs its own Certificate Authority. The resulting enough-ca.crt must then be installed as a trusted Certificate Authority. Ideally there would be a central place to do this and all software would rely on it. But is it really possible?

  • Copying the certificate to /usr/local/share/ca-certificates/infrastructure/enough-ca.crt and running update-ca-certificates --fresh adds it to /etc/ssl/certs, where it becomes valid for:
    • :white_check_mark: curl
    • :white_check_mark: nextcloud client
  • apt-get install -y p11-trust && trust /usr/local/share/ca-certificates/infrastructure/enough-ca.crt && restart gnome-session
    • Gnome session settings => Online Account => Nextcloud => check calendar & agenda
    • :white_check_mark: evolution agenda
    • :white_check_mark: evolution calendar
  • :white_check_mark: Firefox does not read /etc/ssl/certs, but manually installing the certificate authority works. There seems to be a way to script it using certutil, but one has to know where the database file is located.
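
The certutil scripting mentioned in the last item, as an added example that is not part of the original post: it finds the NSS database in each Firefox profile and adds the CA to it. The ~/.mozilla/firefox location, the nickname "Enough CA", the "C,," trust flags and the function names are assumptions made here; certutil comes from the libnss3-tools package.

```shell
#!/bin/sh
# Added example: trust enough-ca.crt in every Firefox profile with certutil.
# Assumed: profiles live under ~/.mozilla/firefox, nickname "Enough CA".

CA_FILE="${CA_FILE:-/usr/local/share/ca-certificates/infrastructure/enough-ca.crt}"
CA_NICK="${CA_NICK:-Enough CA}"

# Print one certutil -d argument per profile directory found below $1.
# cert9.db is the SQLite database (sql: prefix), cert8.db the legacy DBM one
# (dbm: prefix). A profile holding both is reported once, as sql:.
find_nss_dbs() {
    find "$1" -maxdepth 2 -type f \( -name cert9.db -o -name cert8.db \) 2>/dev/null |
    while IFS= read -r db; do
        case "$db" in
            *cert9.db) printf 'sql:%s\n' "${db%/*}" ;;
            *cert8.db) [ -e "${db%/*}/cert9.db" ] || printf 'dbm:%s\n' "${db%/*}" ;;
        esac
    done | sort
}

# True when a certificate with our nickname is already in database $1.
ca_present() {
    certutil -L -n "$CA_NICK" -d "$1" >/dev/null 2>&1
}

# Add the CA to database $1.
# -A add, -n nickname, -i input file, -d database,
# -t "C,," trusted CA for TLS servers only (not S/MIME, not code signing).
trust_ca_in_db() {
    certutil -A -n "$CA_NICK" -t "C,," -i "$CA_FILE" -d "$1"
}

# Walk every database below $1 and add the CA where it is missing.
install_ca_everywhere() {
    find_nss_dbs "$1" | while IFS= read -r db; do
        if ca_present "$db"; then
            echo "already trusted: $db"
        else
            trust_ca_in_db "$db" && echo "added: $db"
        fi
    done
}

# Only act when asked to: ./script.sh install [profiles-root]
if [ "${1:-}" = "install" ]; then
    install_ca_everywhere "${2:-$HOME/.mozilla/firefox}"
fi
```

Afterwards, certutil -L -d sql:&lt;profile directory&gt; lists the certificates in a profile with their trust flags, which confirms the CA was added with "C,,".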