Adding ProxySG CA certificate to the trusted CA list in Linux

Article ID: 170368

Products

Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

A Linux machine shows a certificate validation failure when it tries to fetch updates.

Resolution

In SSL interception, adding the CA certificate to the browser's CA cache makes the browser trust the certificate. A Linux machine also has its own separate CA bundle, which needs to be updated if its connections are expected to be intercepted. Follow the steps below to update the CA bundle of the Linux machine.

Given a CA certificate file 'proxycert.crt', follow the steps below for the respective distribution.

 

Ubuntu

  1. Create a directory for the ProxySG CA certificate in /usr/share/ca-certificates

     sudo mkdir /usr/share/ca-certificates/proxysg

  2. Copy the '.crt' file to the directory

     sudo cp proxycert.crt /usr/share/ca-certificates/proxysg/proxycert.crt

  3. Add the '.crt' file's path relative to /usr/share/ca-certificates to /etc/ca-certificates.conf

     sudo dpkg-reconfigure ca-certificates

  4. Update the installed CAs

     sudo update-ca-certificates

 

CentOS

  1. Copy the 'proxycert.crt' file to any temporary folder
  2. Navigate to the certs directory

     cd /etc/pki/tls/certs/

  3. Make a backup copy of the ca-bundle.crt file

     cp ca-bundle.crt ca-bundle.crt.bak

  4. Add the ProxySG CA certificate to ca-bundle.crt by running the command below

     openssl x509 -text -in /path/to/proxycert.crt >> /etc/pki/tls/certs/ca-bundle.crt
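
Both procedures add a trust anchor, so the machine will accept anything signed by that certificate. The POSIX shell helper below is an added example, not part of the original article or of the product's tooling: it checks 'proxycert.crt' before it is trusted and confirms afterwards that the bundle contains it. The function names are hypothetical and the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example: checks to run on a proxy CA certificate before and after
# adding it to the system trust store. Requires the openssl CLI.

# SHA-256 fingerprint, for comparison with the value shown on the proxy.
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1"
}

# Succeeds only if the certificate carries basicConstraints CA:TRUE.
cert_is_ca() {
    openssl x509 -noout -text -in "$1" | grep -q 'CA:TRUE'
}

# Succeeds only if the certificate is still within its validity period.
cert_not_expired() {
    openssl x509 -noout -checkend 0 -in "$1" >/dev/null
}

# Succeeds if a PEM bundle ($1) contains the certificate ($2), comparing
# fingerprints block by block. Text written by "openssl x509 -text" between
# the PEM blocks is skipped.
bundle_contains() {
    want=$(cert_fingerprint "$2") || return 2
    awk -v cmd='openssl x509 -noout -fingerprint -sha256' '
        /-----BEGIN CERTIFICATE-----/ { inpem = 1; pem = "" }
        inpem { pem = pem $0 "\n" }
        /-----END CERTIFICATE-----/ { inpem = 0; printf "%s", pem | cmd; close(cmd) }
    ' "$1" | grep -qxF "$want"
}

# Usage: preflight CERT [BUNDLE]; prints the fingerprint, then any failure.
preflight() {
    cert_fingerprint "$1" || { echo "not a readable PEM certificate: $1" >&2; return 1; }
    cert_is_ca "$1" || { echo "not a CA certificate: $1" >&2; return 1; }
    cert_not_expired "$1" || { echo "certificate has expired: $1" >&2; return 1; }
    if [ -n "${2:-}" ]; then
        bundle_contains "$2" "$1" || { echo "not present in bundle: $2" >&2; return 1; }
    fi
}

# When run as a script with arguments, perform the checks directly.
[ "$#" -eq 0 ] || preflight "$@"
```

Run it as `sh script.sh proxycert.crt` before the steps and compare the printed fingerprint with the one shown for the certificate on the ProxySG; add the bundle path (for example /etc/pki/tls/certs/ca-bundle.crt) as a second argument after the steps.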