Richard Taylor edited this page Jan 27, 2019 · 7 revisions

Trust the zap CA certificate

sudo mkdir /usr/local/share/ca-certificates/extra
sudo cp ~/.zap/ssl/cert.pem /usr/local/share/ca-certificates/extra/zap.crt
sudo update-ca-certificates

This works for system utilities like curl and wget. To support Firefox, Chrome, etc., install the NSS tools:

sudo apt install libnss3-tools

Create a script with the following and run it:

# "~" is not expanded inside double quotes, so use $HOME
certfile="$HOME/.zap/ssl/cert.pem"
certname="zap CA"

###
### For cert8 (legacy - DBM)
###

# Read find's output line by line so paths containing spaces stay intact
find "$HOME" -name "cert8.db" | while IFS= read -r certDB
do
    certdir=$(dirname "${certDB}")
    certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i "${certfile}" -d "dbm:${certdir}"
done


###
### For cert9 (SQL)
###

find "$HOME" -name "cert9.db" | while IFS= read -r certDB
do
    certdir=$(dirname "${certDB}")
    certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i "${certfile}" -d "sql:${certdir}"
done
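
To see which NSS databases ended up trusting the certificate, and to take the trust back out once local testing is finished, the following is an added example and not part of the original wiki or the zap project. It assumes the "zap CA" nickname and the paths used above; the script name `zap-ca-audit.sh` and the `CERTUTIL` override variable are hypothetical.

```sh
#!/bin/sh
# Added example: list or remove the "zap CA" trust entries created above.
certname="zap CA"                 # nickname used by the import script
CERTUTIL="${CERTUTIL:-certutil}"  # overridable (assumption, eases testing)
syscert=/usr/local/share/ca-certificates/extra/zap.crt

# Print "sql:<dir>" or "dbm:<dir>" for every cert9.db / cert8.db under $1.
# Reading line by line keeps profile paths that contain spaces intact.
nss_db_specs() {
    find "$1" \( -name cert9.db -o -name cert8.db \) 2>/dev/null |
    while IFS= read -r db; do
        case "$db" in
            */cert9.db) printf 'sql:%s\n' "${db%/*}" ;;
            */cert8.db) printf 'dbm:%s\n' "${db%/*}" ;;
        esac
    done
}

# Print the databases under $1 that hold the nickname.
# "certutil -L -n <name>" exits non-zero when the nickname is absent.
trusted_in() {
    nss_db_specs "$1" | while IFS= read -r spec; do
        if "$CERTUTIL" -L -n "$certname" -d "$spec" >/dev/null 2>&1 </dev/null
        then printf '%s\n' "$spec"
        fi
    done
}

# Delete the nickname from every database under $1 that holds it.
remove_from() {
    trusted_in "$1" | while IFS= read -r spec; do
        "$CERTUTIL" -D -n "$certname" -d "$spec" </dev/null &&
            printf 'removed from %s\n' "$spec"
    done
}

# Usage: sh zap-ca-audit.sh list|remove [root]   (root defaults to $HOME)
case "${1:-}" in
    list)   trusted_in "${2:-$HOME}"
            if [ -f "$syscert" ]; then echo "system store: $syscert"; fi ;;
    remove) remove_from "${2:-$HOME}"
            echo "next: sudo rm $syscert; sudo update-ca-certificates --fresh" ;;
esac
```
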

Setting up the DNS resolver

This is specific to systems running systemd-resolved, which the latest Ubuntu releases use by default.

First we need permission to open low ports, and then we specify the correct bind address for the DNS resolver:

sudo setcap 'cap_net_bind_service=+ep' zapd
./zapd -dns 127.0.0.54:53

Next we need to tell systemd-resolved to use our DNS resolver:

# /etc/systemd/resolved.conf
[Resolve]
DNS=127.0.0.54

References

https://thomas-leister.de/en/how-to-import-ca-root-certificate/
