I needed to install a personal CA certificate on my Linux Mint computer, which I did like this:
mkdir /usr/share/ca-certificates/extra/ sudo cp Fortinet_CA_SSL.crt /usr/share/ca-certificates/extra/ sudo dpkg-reconfigure ca-certificates
After the last command, you need to select your CA. Afterwards the CA is trusted for command line tools like curl and get, but browsers like Chrome still dont trust the CA.
For this to work, we need to execute a few further steps, beginning with installing the “certutil” tool:
sudo apt install libnss3-tools
Afterwards we need to find all “cert9.db” files:
sij@mint20:~$ find ~/ -name "cert9.db" /home/sij/.pki/nssdb/cert9.db /home/sij/.mozilla/firefox/2h7izx7h.default-release/cert9.db
This file need to be extended with our certificate:
certutil -A -n FortiGate -t TCu,Cu,Tu -i /usr/share/ca-certificates/extra/Fortinet_CA_SSL.crt -d sql:/home/sij/.pki/nssdb certutil -A -n FortiGate -t TCu,Cu,Tu -i /usr/share/ca-certificates/extra/Fortinet_CA_SSL.crt -d sql:/home/sij/.mozilla/firefox/2h7izx7h.default-release
All credits to https://thomas-leister.de/en/how-to-import-ca-root-certificate/, where I found the solution for my problem. He even provides a small script, which adds the certificate to the “cert9.db” files.