From LedHed's Wiki
(Created page with "== Overview == If you want to sign an internal web server with a Certificate signed by an internal Root CA follow these steps. == Steps == === Export the Root CA Certificate...") |
|||
| Line 5: | Line 5: | ||
== Steps == | == Steps == | ||
=== Export the Root CA Certificate === | === Export the Root CA Certificate === | ||
| − | On a ADCS server you can do this by connecting to http://server/certsrv and click '''Download a CA certificate, certificate chain, or CRL''', Then Select the current CA Certificate, Click Base 64, and click '''Download CA certificate'''. | + | On a ADCS server you can do this by connecting to http://server/certsrv and click '''Download a CA certificate, certificate chain, or CRL''', Then Select the current CA Certificate, Click '''Base 64''', and click '''Download CA certificate'''. |
=== Copy the certificate to your linux server === | === Copy the certificate to your linux server === | ||
Latest revision as of 18:27, 1 December 2016
Contents
Overview
If you want to sign an internal web server with a Certificate signed by an internal Root CA follow these steps.
Steps
Export the Root CA Certificate
On a ADCS server you can do this by connecting to http://server/certsrv and click Download a CA certificate, certificate chain, or CRL, Then Select the current CA Certificate, Click Base 64, and click Download CA certificate.
Copy the certificate to your linux server
Copy the exported certificate file to your linux server. The target directory on Debian based distros is:
/usr/local/share/ca-certificates/
Note: The exported cert is an ascii text file so you can cut and paste the contents into a new file if that is easier.
Import the Private Root CA certificate
update-ca-certificates
Test
openssl s_client -connect www.domain.tld:443 -CApath /etc/ssl/certs
Reference
http://superuser.com/questions/437330/how-do-you-add-a-certificate-authority-ca-to-ubuntu