How to make a chain of certificates trusted for communications in senhasegura


:no_entry: This process must be performed individually in all senhasegura instances. :no_entry:
:no_entry: This procedure doesnt work for selsigned certificates :no_entry:


1. Run the command:

openssl s_client -showcerts -servername <IP_or_DNS> -connect <IP_or_DNS>:<PROTOCOL:PORT> < /dev/null

<IP_or_DNS> = replace by the IP or DNS of the desired device/web application
<PROTOCOL_PORT> = replace by the PORT of the desired device/web application

Example: openssl s_client -showcerts -servername google.com -connect google.com:443 < /dev/null

2. Check returned certificates::

3. Copy the information of the displayed certificates and save them individually inside a file with the extension .crt in /usr/share/ca-certificates/mozilla, with the command:

vim /usr/share/ca-certificates/mozilla/<certificate>.crt

Example: vim /usr/share/ca-certificates/mozilla/google.com.crt

And then paste the content of the certificates in the .crt file created

4. Move to /usr/share/ca-certificate using the “cd” command.
cd /usr/share/ca-certificates/

Write the certificate file to “/etc/ca-certificates.conf” with the command:

echo "mozilla/<certificate>.crt" >> /etc/ca-certificates.conf

Example: echo "mozilla/google.com.crt" >> /etc/ca-certificates.conf

5. Update the certificate base of the senhasegura instance, with the command:

update-ca-certificates
1 Like