4.2. Installing a Self-Signed Certificate #
To use a self-signed certificate for connection protection, add it to the list of trusted certificates on a user's computer.
To do this, follow the steps below:
Copy the generated certificate
/etc/ssl/certs/progate.crtto the user's computer. Refer to Section 4.1.1 for details of the certificate generation.Add the certificate to the system storage:
Debian / Ubuntu / Astra Linux:
sudo cp progate.crt /usr/local/share/ca-certificates/progate.crt sudo update-ca-certificates
ALT:
sudo cp progate.crt /usr/share/pki/ca-trust-source/anchors/progate.crt sudo update-ca-trust
Red OS:
sudo cp progate.crt /etc/pki/ca-trust/source/anchors/progate.crt sudo update-ca-trust
Add the certificate to the Chrome/Chromium network security services (NSS) database. To do this:
Install the NSS database management utility:
Debian / Ubuntu / Astra Linux:
sudo apt install libnss3-tools
ALT:
sudo apt-get install nss-utils
Red OS:
sudo dnf install nss-tools
Add the certificate:
certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n "progate.example.com" -i progate.crt
Check that the certificate is installed correctly:
Connect to
chrome://settings/certificates. The certificate must appear in theAuthoritiessection.Connect to
https://progate.example.com. The connection protection lock must be green (without a warning).