TL;DR: No description on how to install a intermediate certificate works under Ubuntu 18.04. Any suggestions?
Before marking this as a duplicate of How do I install a root certificate?
or any other instruction on installing certificates, please read my problem and try to find a solution.
I tried to install the certificate of my proxy an a Ubuntu 18.04 machine in every combination of steps possible:
Step 1: Download the proxy certificate via firefox warning in PEM-format (-----BEGIN/END CERTIFICATE-----). It is the intermediate certifcate of the proxy signed by a root CA.
Step 2: Either just nename the file (mv proxy.pem proxy.crt) or doing this with openssl (openssl x509 -outform PEM -in proxy.pem -out proxy.crt). Now I have a certificate with .crt ending and PEM-format as told by Installing a root CA certificate in the trust store. I also tried DER format, but neither worked.
Step 3: Copying the certificate to /usr/share/ca-certificates/ or /usr/local/share/ca-certificates/
Step 4: Using dpkg-reconfigure ca-certificates or update-ca-certificates to update the certificate store
Step 5: Check /etc/ssl/certs/, if proxy certificate is there. There are always two links like:
15af16f2.0 -> proxy.pem
proxy.pem -> /usr/share/ca-certificates/proxy.crt
The path to the certificate is always correct, but can also be /usr/local/... depending on previous step.
In my opinion the certificate should be installed and working. But when I try to connect to any website via wget or curl, they both create errrors:
wget:
ERROR: cannot verify www.google.com's certificate, issued by 'CN=......': unable to get issuer certificate
curl:
curl: (60) SSL certificate problem: unable to connect to get issuer certificate
It isn't even working with wget --ca-certificate=/path/to/proxy.pem https://www.google.com
However apt has one https:\\... repo and is working.
The installation of the same certificate on Ubuntu 20.04 was working like a charm.
The software is up to date on all instances.
Any suggestions on what to try next, where to look for more information, or my error in the process?
