News
3 new Serverspace GPT API Language Models available now!
JT
May 30 2025
Updated May 30 2025

How to use certificate Linux?

Linux

Certificates in Linux are used to secure connections, verify the authenticity of services, and encrypt data. They play an important role in technologies such as HTTPS, VPN, SSH, TLS, and many others. In this article, we will look at what certificates are, how they work in the Linux environment, and how to create and configure them.

What is a certificate?

A certificate is a digital document that is used to verify the authenticity of a server or client. It contains:

  1. Public key;
  2. Owner information;
  3. Expiration date;
  4. Certificate authority (CA) signature.

The most common certificate format is X.509, often used with the TLS/SSL protocol to secure Internet connections.

Where are certificates used in Linux?

  • Web servers (Apache, Nginx) — HTTPS protection;
  • VPN (OpenVPN, WireGuard) — client and server authentication;
  • Mail servers — secure messaging;
  • SSH with two-factor authentication;
  • Docker, Kubernetes — secure interaction between services.

Where are certificates stored in Linux?

Certificates and private keys are usually stored in the following directories:

  • /etc/ssl/private/ Private keys (only accessible to root)
  • /usr/local/share/ca-certificates/ Custom CAs for the system
  • ~/.ssh/ SSH keys and certificates
  • /etc/ssl/certs/ Public certificates

Creating a self-signed certificate

A self-signed certificate can be used for testing or in internal networks:

apt update && apt install openssl -y && \
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
new key
Screenshot № 1 — New key
  • -keyout key.pem — file with private key;
  • -out cert.pem — certificate itself;
  • -days 365 — validity period.

Note: openssl will ask you for certificate details — organization, country, CN (Common Name), etc.

Installing a certificate to the system (Debian/Ubuntu)

If you want to add a custom root certificate (for example, a corporate CA), place the certificate (in .crt format) in the directory:

sudo cp mycompany.crt /usr/local/share/ca-certificates/

Update the list of trusted certificates:

sudo update-ca-certificates

Checking the certificate

You can check the structure and validity of the certificate using the command:

openssl x509 -in cert.pem -text -noout

Check the correctness of the connection to the server:

openssl s_client -connect example.com:443

Removing or revoking a certificate

When the private key is lost or compromised, you need to revoke the certificate from the CA:

sudo rm /usr/local/share/ca-certificates/mycompany.crt
sudo update-ca-certificates --fresh

A separate configuration is required to organize a certificate revocation system (CRL/OCSP) - it is more often used in a corporate environment.

Certificates in Linux are an important element of the security system. They provide trust and encryption, without which a modern infrastructure is impossible. Knowing the basics of working with certificates, generating keys and setting up trusted centers is a useful skill for any administrator.

Vote:
5 out of 5
Аverage rating : 5
Rated by: 1
33145 North Miami, FL 2520 Coral Way apt 2-135
+1 302 425-97-76
700 300
ITGLOBAL.COM CORP
700 300

You might also like...

We use cookies to make your experience on the Serverspace better. By continuing to browse our website, you agree to our
Use of Cookies and Privacy Policy.