Welcome to bytebang » The blog about all and nothing » Get rid of selfsigned certificate warnings in Ubuntu

Get rid of selfsigned certificate warnings in Ubuntu

Sep 14 2018

The Problem

If I do some tele-work then have to access my files via a WebDAV server. This approach works pretty well - but there is one thing that annoys me: Whenever I am connecting to the server then this message appears:

certificate_warning.png

The cause of this is that the (web-)server which sends the data towards me uses a self-signed certificate to secure the https connection. Since I do not control this server I had to find another solution than populating a letsencrypt certificate on it.

The Solution

The solution is simple: include the certificate of the server which is issuing this certificate into your list of trusted ca-certificates.

What sounds pretty straightforward took me a few hours to find out how certificate management in ubuntu works:

  • There is a directory where all ca-certificates are stored: /etc/ssl/certs
  • There is another directory where your additional certificates belong: /usr/local/share/ca-certificates/
  • There is a tool which is able to download a complete certificate from a server: openssl
  • And there is a tool which links your certificates into your trusted ca-cartificates directory: update-ca-certificates

So at the end i did the following command:

sudo bash -c 'true | openssl s_client -connect webdav.mycompany.com:8443 2>/dev/null | openssl x509 > /usr/local/share/ca-certificates/webdav-mycompany.crt && update-ca-certificates'

This one-line does the following (as superuser because otherwise, you do not have enough rights to perform write operations in some directories):

  1. Download the certificate from webdav.mycompany.com at port 8443
  2. Parse the plain certificate out of the response
  3. Store the certificate in the file /usr/local/share/ca-certificates/webdav-mycompany.crt
  4. And finally (if everything went well) then it tells Ubuntu to update its ssl root certificates

That's it - no more annoying warnings!

Get Social


(c) 2024, by bytebang e.U. - Impressum - Datenschutz / Nutzungsbedingungen
-