Before you can install your own Root CA Certificate you need to set up your own CA (Certificate Authority).
Root CA certificates are stored in .
Create a directory in . I usually use the name of the machine where the
CA files are stored, i.e. .
Copy the public Root CA key to this directory.
Edit and add a line with the path to your Root CA key. The path
is relative to , i.e.
Update the certificates known to your system by running . Verify that in
the output of your own Root CA key is listed among the other Root CA keys.
The output will similar to the one below, which is shortened for clarity:
root@idoru:/$ update-ca-certificates -v
Updating certificates in /etc/ssl/certs...
Doing .
rehash: warning: skipping ca-certificates.crt, it does not contain exactly one certificate or CRL
link D-TRUST_Root_Class_3_CA_2_EV_2009.pem -> d4dae3dd.0
...
link base.lan_root_CA.pem -> 475e0790.0
...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Some programs, especially some browsers (i.e. Vivaldi) don’t use the systems certificate store.
Your own Root CA certs must be installed for those programs separately.