1. Download the Watchgaurd selfsigned https proxy certificate from http://firebox:4126
2. Rename the certificate to a recognizable name and change the extension from .CER to .CRT
3. Create directory <watchguard> in /usr/share/ca-certificates/
4. Copy the selfsigned certificate to the <watchguard> directory and change security to 744.
sudo chmod 744 selfsignedcert.crt
5. Change owner to root. chown root:root selfsignedcert.crt
6. Edit /etc/ca-certificates.conf to include the selfsigned certificate.
sudo vim /etc/ca-certificates.conf and add the following to the end of the file watchguard/selfsignedcert.crt
7. Create symbolic link to system folder.
ln -s /usr/share/ca-certificates/watchguard/selfsignedcert.crt /etc/ssl/certs/selfsignedcert.pem
8. Create hashed link.
/etc/ssl/certs – ln -s selfsignedcert.pem `openssl x509 -hash -noout -in selfsignedcert.pem`.0
9. Test the certificate with openssl verify -CApath /etc/ssl/certs selfsignedcert.pem
10. Use wget to test secure web access, wget www.google.com
No responses yet