Installing custom CA certificates in Ubuntu 20.04

A fairly common scenario that I’ve encountered is to have a server that has self-signed SSL certificates. In that case, client utilities such as curl will refuse to work unless you use -k or --insecure . Here’s what I needed to do on an Ubuntu 20.04 box (also works on 18.04):

1. Combine the SSL certificate chain and the SSL certificate in one file (in this order). You can download both from a browser if you hit https://your-server-name. Make sure the file extension for the file containing these certs is .crt.
2. Copy the .crt file to /usr/local/share/ca-certificates/.
3. Run sudo update-ca-certificates.

At this point, you should see the file /etc/ssl/certs/ca-certificates.crt updated with the contents of your crt file and curl and other command line utilities that inspect CA certs from /etc/ssl/certs should start working fine.