SSL - CA certificate - How to add certificate authority to linux of 2N® Access Commander
In case you need to allow 2N® Access Commander machine to communicate with your IT infrastructure such as proxy server etc.. while having in your company CA which 2N® Access Commander machine does not know, you can teach the 2N® Access Commander machine to recognize your CA and allow secured communication between your IT infrastructure and 2N® Access Commander machine.
- prepare your CA certificate which is used to sign certificates used in your IT infrastructure in .crt format (use .key or other format for password protected CA certificate)
- connect to Access Commander's linux and login as root user
- Navigate to folder /usr/local/share/ca-certificates/ using following command:
cd /usr/local/share/ca-certificates/ create new folder named by your CA certificate name (it is recommended to use own folder for each CA certificate you wish to add)
mkdir myCAcertdirWhere myCAcertdir shall be name of your CA certificate.
- copy the CA certificate files to newly created folder
- set proper privilege levels for folder and files
For folder:
chmod 755 /usr/local/share/ca-certificates/myCAcertdir
For files:
chmod 644 //usr/local/share/ca-certificates/myCAcertdir/myCAcert.crt
chmod 644 //usr/local/share/ca-certificates/myCAcertdir/myCAcert.key run command to load newly added certificates to linux using following command:
update-ca-certificatesYou shall see that 1 or more certificates has been added.
If you see that no certificates has been added, please check if you have supported file suffixes (.crt,.key,etc...)
You can see if the CA certificate has been properly added by running following commads:
awk -v cmd='openssl x509 -noout -subject' ' /BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt
- In order to make Access Commander accept the recent changes, please reboot whole Access Commander:
reboot