Installing Certificate PFX into Debian Linux

While working on a Kali Linux Virtual Machine I have, I accessed a Demonstration SharePoint site in the browser and hit the standard Certificate Errors, as I am using Root Certificate Authority issued certificates for my local domain, which my Kali Linux machine is not part of. The process for adding my root Certificate and then the Website Certificate to my Kali Linux (Debian) Machine is a little different to a regular Windows Machine.

Firstly, the Certificate needs to be exported into PFX format and contain the Private Key. This is important, as we will then extract the certificate components from that PFX file. Once we have this, it needs to be copied to the Kali Linux (Debian) machine.

Open a Terminal window and browse to the location of the newly copied PFX file. For me it was “Downloads/Certificates”.

In the command window we now use the “openssl” tool to perform a couple of tasks: the first extracts the “.pem” or key file, the second extracts the actual certificate “.crt” file.

Export the Private Key
openssl pkcs12 -in Root.pfx -nocerts -out Root.pem -nodes

Export the Certificate
openssl pkcs12 -in Root.pfx -nokeys -out Root.crt -nodes

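These commands will ask for the PFX password and then export the two files. Because of the “-nodes” option, the private key in the “.pem” file is written unencrypted, so keep that file readable only by your own user. Now that we have the root certificate, we repeat the process for the actual certificate being used in SharePoint.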

Export the Private Key
openssl pkcs12 -in Website.pfx -nocerts -out Website.pem -nodes

Export the Certificate
openssl pkcs12 -in Website.pfx -nokeys -out Website.crt -nodes

Now we have the individual files we need to import them into the system by using the following commands from the same location in the Terminal window:

Import Root Certificate
sudo cp Root.crt /usr/local/share/ca-certificates/Root.crt

Import Website Certificate
sudo cp Website.crt /usr/local/share/ca-certificates/Website.crt

The files are now copied into place, but for the certificates to pass the security checks we need to run one last step, which is to update the certificate cache.

sudo update-ca-certificates

That completes adding the certificates to my Kali Linux (Debian) machine, fixing the security prompt caused by locally issued certificates.
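The extraction and import steps above, as an added shell example that is not from the original post: it pulls only the certificates out of each PFX (only the “.crt” files are copied into the store), checks that the root is a CA and that the website certificate was issued by it, and stages the result. The function names and the STORE and PFX_PASS variables are assumptions, and make_demo_pfx builds constructed test PFX files so the checks can be tried offline.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, STORE and
# PFX_PASS are assumptions; the demo PFX files are constructed test data.
STORE="${STORE:-/usr/local/share/ca-certificates}"

# Write only the certificate from a PFX as clean PEM. No private key reaches
# the disk, and the password is read from $PFX_PASS, not the command line.
pfx_to_crt() {  # usage: pfx_to_crt in.pfx out.crt
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -out "$2" 2>/dev/null
}

# Succeeds only if the certificate is marked as a CA (basicConstraints CA:TRUE).
is_ca() { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }

# Succeeds only if leaf.crt was issued by root.crt.
issued_by() {  # usage: issued_by root.crt leaf.crt
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# SHA-256 fingerprint, for comparison with the value shown on the issuing CA.
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# Copy a parseable certificate into the store directory, world-readable.
stage_cert() {  # usage: stage_cert file.crt (needs write access to $STORE)
    openssl x509 -in "$1" -noout 2>/dev/null || return 1
    install -m 644 "$1" "$STORE/$(basename "$1")"
}

# Build a constructed root CA and website certificate as PFX files in DIR.
make_demo_pfx() {  # usage: make_demo_pfx DIR
    ( cd "$1" || exit 1
      openssl req -x509 -newkey rsa:2048 -nodes -keyout r.key -out r.pem \
          -subj "/CN=Constructed Demo Root" -days 2 &&
      openssl req -newkey rsa:2048 -nodes -keyout w.key -out w.csr \
          -subj "/CN=sharepoint.demo.test" &&
      openssl x509 -req -in w.csr -CA r.pem -CAkey r.key -CAcreateserial \
          -out w.pem -days 2 &&
      openssl pkcs12 -export -in r.pem -inkey r.key -out Root.pfx \
          -passout env:PFX_PASS &&
      openssl pkcs12 -export -in w.pem -inkey w.key -out Website.pfx \
          -passout env:PFX_PASS
    ) >/dev/null 2>&1
}
```

With real files, export PFX_PASS, run pfx_to_crt and the checks, then stage_cert from an account that can write to the store, followed by the update-ca-certificates step from the post.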

Liam Cleary

I work as an Associate Director for Protiviti in Virginia. My main focus is to ensure that SharePoint can either natively or with minimal customization meet the business requirement securely. I am currently a SharePoint MVP focused on Architecture but also cross the boundary into Development and Security. I am often found at user groups, conferences speaking, offering advice, spending time in the community, teaching my kids how to code, raspberry PI programming, hacking the planet and sometimes building Lego robots.
