Installing Certificate PFX into Debian Linux

While working on a Kali Linux Virtual Machine I have, I accessed a Demonstration SharePoint site in the browser and hit the standard Certificate Errors, as I am using Root Certificate Authority issued certificates for my local domain, which my Kali Linux machine is not part of. The process for adding my root Certificate and then the Website Certificate to my Kali Linux (Debian) Machine is a little different to a regular Windows Machine.

Firstly the Certificate needs to be exported into a PFX format and contain the Private Key. This important as we will then extract the certificate components from that PFX file. Once we have this, it needs to be copied to the Kali Linux (Debian) machine.

Open a Terminal windows and browse to the location of the newly copied PFX file. For me it was “Downloads/Certificates“.

In the command Windows we now use the “openssl” tool to perform a couple of tasks, the first to extract the “.pem” or key file, then second the actual certificate “.crt” file.

Export the Private Key
openssl pkcs12 -in Root.pfx -nocerts -out Root.pem -nodes

Export the Certificate
openssl pkcs12 -in Root.pfx -nokeys -out Root.crt -nodes

These commands will ask for the PFX password and then export the two files. Now we have the root certificate, we repeat the process for the actual certificate being used in SharePoint.

Export the Private Key
openssl pkcs12 -in Website.pfx -nocerts -out Website.pem -nodes

Export the Certificate
openssl pkcs12 -in Website.pfx -nokeys -out Website.crt -nodes

Now we have the individual files we need to import them into the system by using the following commands from the same location in the Terminal window:

Import Root Certificate
sudo cp Root.crt /usr/local/share/ca-certificates/Root.crt

Import Website Certificate
sudo cp Website.crt /usr/local/share/ca-certificates/Website.crt

These will then import successfully, but to be able to bypass the security checks for the Certificates, we need to run one last step, which is to update the certificate cache.

sudo update-ca-certificates

That now completes adding the certificate to my Kali Linux (Debian) machine fixing my security prompt because of local issued certificates.

Liam Cleary

Liam began his career as a Trainer of all things computer-related. He quickly realized that programming, breaking, and hacking was a lot more fun. He spent the next few years working within core infrastructure and security services until he found SharePoint. He is the founder and owner of SharePlicity, a consulting company that focuses on all areas of Technology. His role within SharePlicity is to help organizations implement technology that will enhance internal and external collaboration, document and records management, automate business processes, and of course security controls and protection. He is also a Microsoft MVP focusing on Architecture but also crosses the boundary into Development. He is also a Microsoft Certified Trainer (MCT). His specialty over the past few years has been security in SharePoint and its surrounding platforms. He can often be found at user groups or conferences speaking, offering advice, spending time in the community, teaching his kids how to code, raspberry PI programming, hacking the planet or building Lego robots.

You may also like...