Trusting Your Root CA on Linux


If you cannot connect following this guide, you may be using an application (such as Firefox) that is installed in a jailed environment, such as an appimage, flatpak, or snap. Please try an alternate install method if so.

These instructions will work for most Debian-based Linux distributions, such as Debian, Linux Mint, PopOS, Ubuntu, etc.

  1. Ensure you have downloaded your Root CA

  2. Perform the following commands in the Terminal:

    sudo apt update
    sudo apt install -y ca-certificates p11-kit
  3. Move into the folder where you downloaded your Start9 server’s Root CA (usually ~/Downloads), and run the following commands to add your Start9 server’s CA certificate to the OS trust store:


    BE CERTAIN to replace adjective-noun with your server’s unique hostname in the 3rd and 4th commands below!

    cd ~/Downloads
    sudo mkdir -p /usr/share/ca-certificates/start9
    sudo cp "adjective-noun.crt" /usr/share/ca-certificates/start9/
    sudo bash -c "echo 'start9/adjective-noun.crt' >> /etc/ca-certificates.conf"
    sudo update-ca-certificates

    In the output it should say 1 added if it was successful. For most applications, you will now be able to securely connect via https.

If you are using Firefox, complete this final step

If you are using Chrome or Brave, complete this final step