Menu

Trusting Your Root CA on Linux

Caution

If you cannot connect following this guide, you may be using an application (such as Firefox) that is installed in a jailed environment, such as an appimage, flatpak, or snap. Please try an alternate install method if so.

These instructions will work for most Debian-based Linux distributions, such as Debian, Linux Mint, PopOS, Ubuntu, etc.

  1. Ensure you have downloaded your Root CA

  2. Perform the following commands in the Terminal:

    sudo apt update
    sudo apt install -y ca-certificates p11-kit
    
  3. Move into the folder where you downloaded your Start9 server’s Root CA (usually ~/Downloads), and run the following commands to add your Start9 server’s CA certificate to the OS trust store:

    Caution

    BE CERTAIN to replace adjective-noun with your server’s unique hostname in the 3rd and 4th commands below!

    cd ~/Downloads
    sudo mkdir -p /usr/share/ca-certificates/start9
    sudo cp "adjective-noun.crt" /usr/share/ca-certificates/start9/
    sudo bash -c "echo 'start9/adjective-noun.crt' >> /etc/ca-certificates.conf"
    sudo update-ca-certificates
    

    In the output it should say 1 added if it was successful. For most applications, you will now be able to securely connect via https.

If you are using Firefox, complete this final step

If you are using Chrome or Brave, complete this final step