No special magic for the WSL Ubuntu install. You just apt-get install ca-certificates on the WSL Ubuntu environment command line, drop the pem certificate(s) in file(s) in /etc/ssl/certs, run update-ca-certificates (as root, use sudo) and you're done. Just make sure the pem's are globally readable. The new certificate(s) will be included in /etc/ssl/certs/ca-certificates.crt and all system packages use that as their trusted root certs, pretty sure it'll also add the hash symlinks too. That decade (and a bit) old IR is long, long, long closed. This will NOT affect any Windows based stuff.
If you need to have it packaged then you'll have to do your own package, with a post-install hook. You shouldn't be replacing/overriding the ca-certificates package. On Mon, Dec 13, 2021 at 6:36 PM Jeffrey Walton <noloa...@gmail.com> wrote: > > Hi Everyone, > > I'm working on a Windows machine with Windows Subsystem Linux (WSL). > The machine hosts Ubuntu 20.04. We are having some TLS problems due to > an interception proxy. I need to add a CA root to the ca-certificates > package or store. > > I checked the Ubuntu wiki and found one article on ca-certificates at > https://wiki.ubuntu.com/IncidentReports/2011-09-20-ca-certificates-removes-libnss3. > > I'm Ok with dropping the root CA in the filesystem and running > c_rehash, if needed. I'm happy to use the method if that is > recommended. > > My question is, how would I go about adding a root CA to the machine's > trusted root store? > > Thanks in advance. > > -- > Ubuntu-devel-discuss mailing list > Ubuntu-devel-discuss@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- "Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds." -- Samuel Butler -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
