4.2. Installing a Self-Signed Certificate #

To use a self-signed certificate for connection protection, add it to the list of trusted certificates on a user's computer.

To do this, follow the steps below:

  1. Copy the generated certificate /etc/ssl/certs/progate.crt to the user's computer. Refer to Section 4.1.1 for details of the certificate generation.

  2. Add the certificate to the system storage:

    • Debian / Ubuntu / Astra Linux:

      sudo cp progate.crt /usr/local/share/ca-certificates/progate.crt
      sudo update-ca-certificates
      

    • ALT:

      sudo cp progate.crt /usr/share/pki/ca-trust-source/anchors/progate.crt
      sudo update-ca-trust
      

    • Red OS:

      sudo cp progate.crt /etc/pki/ca-trust/source/anchors/progate.crt
      sudo update-ca-trust
      

  3. Add the certificate to the Chrome/Chromium network security services (NSS) database. To do this:

    1. Install the NSS database management utility:

      • Debian / Ubuntu / Astra Linux:

        sudo apt install libnss3-tools
        

      • ALT:

        sudo apt-get install nss-utils
        

      • Red OS:

        sudo dnf install nss-tools
        

    2. Add the certificate:

      certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n "progate.example.com" -i progate.crt
      

  4. Check that the certificate is installed correctly:

    • Connect to chrome://settings/certificates. The certificate must appear in the Authorities section.

    • Connect to https://progate.example.com. The connection protection lock must be green (without a warning).