Adding trusted root certificates

In order for git to use the authority, you must add the root certificate: Instruction for a Linux Debian machine(I think it should be the same for Ubuntu):

Copy your CA(see previous mail from Stefan) with “crt” extension, to dir: /usr/local/share/ca-certificates/ So you should now have: /usr/local/share/ca-certificates/bmzugvs02-internal-root.crt Update the CA store: sudo update-ca-certificates Git should now work.

The browsers would still complain because they don’t make use of the OS trust store, but use their own certificate trust store. You can use the below commands to also make the browser use our authority:

First install needed tools:

aptitude install libnss3-tools

If you use Chrome:

certutil -A -n bmzugvs02 -t "TCu,Cu,Tu" -i /usr/local/share/ca-certificates/bmzugvs02-internal-root.crt -d sql:/home/<your_username>/.pki/nssdb

For Firefox:

certutil -A -n bmzugvs02 -t "TCu,Cu,Tu" -i /usr/local/share/ca-certificates/bmzugvs02-internal-root.crt -d sql:/home/<your_username>/.mozilla/firefox/<your_profile_name>

Use the command to find store location:

find ~/ -name "cert9.db"

References:

• https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html
• https://thomas-leister.de/en/how-to-import-ca-root-certificate/