ssl

Run cert-sync --user /etc/ssl/cert.pem. Omit --user to synchronize for entire system (note that this installs them in /usr/share/.mono rather than /usr/local/share/.mono).

Without this you might be experiencing errors like "Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED" or similar

If you received intermediate certificates and you need to install them you should simply concatenate them in one file in reversed trust delegating order. So if trust is delegated like this:

root -> intermediate1 -> intermediate2 -> your-site

in pem file certificates should be in this order:

Can be found here - BetterCrypto.org and ECRYPT II

To manually trust single certificate do
certutil -A -d sql:$HOME/.pki/nssdb -t P -n description -i cert_file

To add new trusted CA do
certutil -A -d sql:$HOME/.pki/nssdb -t CT -n description -i cert_file


It can be done like this

openssl req -new -newkey rsa:2048 -nodes -keyout certificate.key -out certificate.csr


a2enmod ssl

To extract private key:

• openssl pkcs12 -in file.pfx -nocerts -out pk.pem
• openssl rsa -in pk.pem -out key.pem

To extract certificate:

• openssl pkcs12 -in file.pfx -clcerts -nokeys -out cert.pem