Backend / DevOps / Architect
Brit by birth,
located worldwide

All content © Alex Shepherd 2008-2024
unless otherwise noted

Install self-signed SSL certificates in Linux and Windows

Published
1 min read
image
Image Credit: Unknown (if this is your work, reach out to me and I'll credit you!)

Hi guys!

I've just managed to get SSL working on n00bsys0p.co.uk with my own self-signed certificate, so I thought I'd write a guide on how to install the certificate in Linux and Windows 7, with specific details given for Firefox 5, Internet Explorer and Google Chrome.

It is worth mentioning at this point, that you should never do this for any site into which you will enter any sensitive information, such as your home address, credit card details, or banking information, if you don't trust the source, or have never seen the warning previously on the site. If you do need to for any reason, you should directly contact the site administrator to inform them that their certificate is invalid, and to check that the site is legitimate.

Windows 7

The certificate can be imported via the Microsoft Management Console (mmc.exe), and requires your account to have Administrator Privileges. The first step is to download the certificate, which can done in the following ways:

Internet Explorer (tested on IE9)

Internet Explorer after

Navigate to the SSL-enabled site, and Internet Explorer will give you a warning page. You first need to press Continue to this website (not recommended). Once the page loads, you will see Certificate Error in the address bar, with a red cross beside it. If you click this, it will show a popup menu with an option to View Certificates. Click this, and it will bring up a certificate viewer, with 3 tabs at the top. Select Details and then Copy to file. This will bring up the Certificate Export Wizard. Press Next twice, enter a file name, press Next, then Finish.

Firefox 5

First click the Firefox Menu, then Options. Now click Advanced, Encryption, View Certificates, Servers, Add Exception. Now enter the address into the Location field, and press Get Certificate. Now click View, Details, Export. Now choose a filename, and press Save.

Google Chrome

Google Chrome certificate error.

Navigate to the site, and Google Chrome will give you the above warning page. From here, click Proceed anyway, and it will take you to the site. Now you need to click on the crossed out lock icon to the left of the address bar, and a popup will appear, from which, you should click Certificate Information. Now select Details, then Copy to file. Now choose a file name, and save.

The second part to installing a certificate in Windows is to use the Microsoft Management Console to install the cert as a Trusted Root Authority Certificate. To run MMC, Press Win+R, then type mmc.exe into the Run dialog box. Now press return or click OK, and Windows will ask you to confirm Admin privileges for MMC. Do so, then select File, Add/Remove Snap-in, or press Ctrl+M. From here, click certificates, and Add. Now select Computer Account, press Next , select Local Computer and then Finish and OK to return to the main screen, now with the option Certificates.

Expand Certificates, then Trusted Root Certification Authorities, and select Certificates below it. Now go to Action, All Tasks and Import. In the Certificate Import Wizard, press Next, find the file by pressing the Browse button, select Next twice, then Finish.

That's it! Now you should be able to access n00bsys0p via HTTPS in Windows without those pesky browser warnings! Don't do this for any site onto which you may enter any sensitive information... The only reason I feel comfortable enough using a self-signed certificate is that I will never ask my readers to submit any information which could be used against them, or may breach their privacy.

Linux

In Linux, the way in which you import the certificate is dependent on which browser you are using. Here are guides for each of the browsers I use, Firefox 5 and Google Chrome:

Firefox 5

Firefox 5 Certificate Manager

Go to the Edit Menu, and select Preferences. Now go to Advanced, Encryption, View Certificates, Servers, Add Exception. Now fill out the Location field with the site's address, and press Get Certificate. Now tick Permanently Store this exception, and then click Confirm Security Exception. That's all!

Google Chrome

First of all, you need to download the certificate file. This is done in a very similar way to that which I described for Google Chrome on Windows 7. The only thing you need to change, is instead of clicking on Copy to file, you click Export. The program you will use to install the certificate is part of the libnss3-tools package. This can be installed in Ubuntu via the following command:

sudo apt-get install libnss3-tools

Now, if you look at the documentation, the command you should need to use to install the self-signed certificate is as follows:

certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n <strong>{user chosen cert nickname}</strong> -i <strong>{certificate filename}</strong>

This, however will not work. The actual command you will need to use is as follows:

certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n <strong>{user chosen cert nickname}</strong> -i <strong>{certificate filename}</strong>

This will add the site's certificate to your Trusted Authority database, allowing you to browse in HTTPS!

Anyway, as always, direct any questions or corrections to the comments! If you want to contact me privately, please use the contact form found on the the main menu.

n00b