30.05.2025

How to use certificates in Linux?

Certificates in Linux are used to secure connections, verify the authenticity of services, and encrypt data. They play an important role in technologies such as HTTPS, VPN, SSH, TLS, and many others. In this article, we will look at what certificates are, how they work in the Linux environment, and how to create and configure them.

What is a certificate?

A certificate is a digital document that is used to verify the authenticity of a server or client. It contains:

  1. Public key;
  2. Owner information;
  3. Expiration date;
  4. Certificate authority (CA) signature.

The most common certificate format is X.509, often used with the TLS/SSL protocol to secure Internet connections.

Where are certificates used in Linux?

Where are certificates stored in Linux?

Certificates and private keys are usually stored in the following directories:

Creating a self-signed certificate

A self-signed certificate can be used for testing or in internal networks:

apt update && apt install openssl -y && \
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

Screenshot № 1 — New key

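Note: openssl will ask you for the certificate details: organization, country, CN (Common Name), etc. Because the command does not pass -nodes, it also asks for a passphrase to encrypt the private key in key.pem.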

Installing a certificate to the system (Debian/Ubuntu)

If you want to add a custom root certificate (for example, a corporate CA), place the certificate (in .crt format) in the directory:

sudo cp mycompany.crt /usr/local/share/ca-certificates/

Update the list of trusted certificates:

sudo update-ca-certificates

Checking the certificate

You can check the structure and validity of the certificate using the command:

openssl x509 -in cert.pem -text -noout

Check the connection to a server and the certificate it presents:

openssl s_client -connect example.com:443
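
The checks from this section in scripted form, as an added example that is not part of the original article: it confirms that a private key belongs to a certificate, tests how long the certificate remains valid, and detects a self-issued certificate. The function names, the demo.internal.example CN and the rsa:2048 / -nodes settings are assumptions chosen for the demo.

```shell
#!/bin/sh
# Added example: helper names and the demo CN are hypothetical.

# Create a throwaway self-signed pair (constructed sample input).
# rsa:2048 and -nodes keep the demo fast and non-interactive.
make_demo_pair() {   # $1 = directory, $2 = base name
    ( umask 077      # the private key must not be group/world readable
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -subj "/CN=demo.internal.example" \
          -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null )
}

# 0 if the private key in $2 belongs to the certificate in $1.
key_matches_cert() {
    kmc_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    kmc_key=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$kmc_cert" = "$kmc_key" ]
}

# 0 if the certificate in $1 is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# 0 if subject and issuer are the same name, as in a self-signed certificate.
# This compares names only; it does not verify the signature.
is_self_issued() {
    isi_subj=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
    isi_iss=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
    [ "$isi_subj" = "$isi_iss" ]
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pair "$d" a && make_demo_pair "$d" b || return 1
    key_matches_cert "$d/a.crt" "$d/a.key" && echo "a.key matches a.crt"
    key_matches_cert "$d/a.crt" "$d/b.key" || echo "b.key does not match a.crt"
    cert_valid_for "$d/a.crt" 30  && echo "valid for at least 30 more days"
    cert_valid_for "$d/a.crt" 400 || echo "expires within 400 days"
    is_self_issued "$d/a.crt" && echo "subject equals issuer (self-signed)"
    rm -rf "$d"
}
demo
```

A key/certificate mismatch is a common reason a TLS service refuses to start after a renewal, so running key_matches_cert before reloading the service catches it early.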

Removing or revoking a certificate

When the private key is lost or compromised, you need to have the certificate revoked by the CA. To remove a certificate from the local trust store so that this system no longer trusts it:

sudo rm /usr/local/share/ca-certificates/mycompany.crt
sudo update-ca-certificates --fresh

Setting up a certificate revocation system (CRL/OCSP) requires separate configuration; it is more often used in a corporate environment.

Certificates in Linux are an important element of the security system. They provide trust and encryption, without which a modern infrastructure is impossible. Knowing the basics of working with certificates, generating keys and setting up trusted centers is a useful skill for any administrator.