From LedHed's Wiki
Jump to: navigation, search
(Created page with "== Overview == If you want to sign an internal web server with a Certificate signed by an internal Root CA follow these steps. == Steps == === Export the Root CA Certificate...")
 
 
Line 5: Line 5:
 
== Steps ==
 
== Steps ==
 
=== Export the Root CA Certificate ===
 
=== Export the Root CA Certificate ===
On a ADCS server you can do this by connecting to http://server/certsrv and click '''Download a CA certificate, certificate chain, or CRL''', Then Select the current CA Certificate, Click Base 64, and click '''Download CA certificate'''.
+
On a ADCS server you can do this by connecting to http://server/certsrv and click '''Download a CA certificate, certificate chain, or CRL''', Then Select the current CA Certificate, Click '''Base 64''', and click '''Download CA certificate'''.
  
 
=== Copy the certificate to your linux server ===
 
=== Copy the certificate to your linux server ===

Latest revision as of 18:27, 1 December 2016

Overview

If you want to sign an internal web server with a Certificate signed by an internal Root CA follow these steps.


Steps

Export the Root CA Certificate

On a ADCS server you can do this by connecting to http://server/certsrv and click Download a CA certificate, certificate chain, or CRL, Then Select the current CA Certificate, Click Base 64, and click Download CA certificate.

Copy the certificate to your linux server

Copy the exported certificate file to your linux server. The target directory on Debian based distros is:

/usr/local/share/ca-certificates/

Note: The exported cert is an ascii text file so you can cut and paste the contents into a new file if that is easier.

Import the Private Root CA certificate

update-ca-certificates

Test

openssl s_client -connect www.domain.tld:443 -CApath /etc/ssl/certs


Reference

http://superuser.com/questions/437330/how-do-you-add-a-certificate-authority-ca-to-ubuntu