Where to keep SSL certificates and private keys on Ubuntu and Debian?

SSL certificate
Better Stack Team
Updated on May 4, 2022

To list all available CA SSL certificates run the following lines of code:

 
awk -v cmd='openssl x509 -noout -subject' '
 
/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt

This will display the subject of every CA certificate in /etc/ssl/certs/ca-certificates.crt

But beware that you may get an error if SSL servers forget to provide the intermediate certificates. In that case, you can try running the following command to get the list of certificates being sent.

 
openssl s_client -showcerts -connect the-git-server:443
Got an article suggestion? Let us know
Explore more
SSL certificate
Solved: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
When you are accessing the HTTPS secured website a series of steps is taken in the background to ensure that the connection is safe and trusted. Some of these steps consist of checking certificates. If the browser does not believe that the connection would be secure it displays this error.
Questions
How to verify SSL certificates on the command line?
To validate an SSL certificate you can use one of the following approaches, depending on the type of the certificate.
Questions
SSL Certificate Problem: Unable to get Local Issuer Certificate
If you get SSL certificate problem: unable to get local issuer certificate error, it's an indication that your root and intermediate certificates on the system are not working correctly or not set up correctly.
Questions
Solved: Invalid command ‘SSLEngine
This frequently happens on fresh Apache servers. When Apache starts it reads through the configuration files. When it encounters `SSLEngine` directive, it considers it as unknown. This is caused by the fact that the server’s basic configuration does not have `mod_ssl` module installed or enabled.
Questions
Licensed under CC-BY-NC-SA

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

We are hiring.

Software is our way of making the world a tiny bit better. We build tools for the makers of tomorrow.

Join the Better Stack team

Help us in making the internet more reliable.

Better Stack logo
Become a contributor

Help us with developer education and get paid.

Better Stack community logo
NEW
Explore all positions →