This process must be performed individually in all senhasegura instances.
This procedure doesn’t work for self-signed certificates
1. Run the command:
openssl s_client -showcerts -servername <URL> -connect <URL:PORT> < /dev/null
<IP_or_DNS> = replace by the IP or DNS of the desired device/web application
<PROTOCOL_PORT> = replace by the PORT of the desired device/web application
Example: openssl s_client -showcerts -servername google.com -connect google.com:443 < /dev/null
2. Check returned certificates::
If the OpenSSL can’t get the certificate, you will need to have the certificate file to import on senhasegura.
3. Copy the information of the displayed certificates and save them individually inside a file with the extension .crt in /usr/share/ca-certificates/mozilla, with the command:
vim /usr/share/ca-certificates/mozilla/<certificate>.crt
Example: vim /usr/share/ca-certificates/mozilla/google.com.crt
And then paste the content of the certificates into in the .crt file create.d
4. Move to /usr/share/ca-certificate using the “cd” command.
cd /usr/share/ca-certificates/
Write the certificate file to “/etc/ca-certificates.conf” with the command:
echo "mozilla/<certificate>.crt" >> /etc/ca-certificates.conf
Example: echo "mozilla/google.com.crt" >> /etc/ca-certificates.conf
5. Update the certificate base of the senhasegura instance with the command:
update-ca-certificates