When Enough creates a service on a private network it can’t rely on letsencrypt and needs its own Certificate Authority. The resulting enough-ca.crt must them be installed as a trusted Certificate Authority. Ideally there would be a central place to do this a all software would rely on it. But is it really possible ?
- /usr/local/share/ca-certificates/infrastructure/enough-ca.crt and
update-ca-certificates --freshwill add the certificate to
/etc/ssl/certsand it becomes valid for:
- nextcloud client
- apt-get install -y p11-trust && trust /usr/local/share/ca-certificates/infrastructure/enough-ca.crt && restart gnome-session
- Gnome session settings => Online Account => Nextcloud => check calendar & agenda
- evolution agenda
- evolution calendar
- firefox does not read /etc/ssl/certs and manually installing the certificate authority is ok. There seems to be a way to script it using certutil but one has to know where the database file is located.