🎉 Announcing new lower pricing — up to 40% lower costs for Cloud Servers and Cloud SQL! Read more →

Adding CAcert root certificate to Debian/Ubuntu - properly

Due to various auditing failures and other security issues, the CAcert root certificate set is slowly disappearing from the Ubuntu and Debian ‘ca-certificates’ package.

Fine for security and ensuring your website works with the wider browser world. Not so good if you’re developing an SSL site on a development domain - for which CAcert certificates are precisely what the doctor ordered.

So how do you add the root certificates back into your development machine in the correct manner (and in particular avoiding the cardinal sin of shipping an entirely parallel set of root certificates with your application!)

Fortunately it is straightforward, since you can tell Ubuntu/Debian to update its root certificate list to include any certificates stored in the /usr/local/share/ca-certificates directory.

So first make a directory in which to store the CAcert certificate files.

sudo mkdir /usr/local/share/ca-certificates/cacert.org

Then download the root certificates from the cacert website.

sudo wget -P /usr/local/share/ca-certificates/cacert.org http://www.cacert.org/certs/root.crt http://www.cacert.org/certs/class3.crt

and finally update the certificate bundle

sudo update-ca-certificates

Then you can get back to developing your next killer app.

Get started with Brightbox Sign up takes just two minutes...