Custom Root Ca Arch Linux
This is my personal guide for installing the UCLab root CA certificate on Arch Linux, ensuring it’s trusted by the system and all major browsers including Microsoft Edge.
Prerequisites
- Root/sudo access
- The
uclab-root-ca.cercertificate file - The certificate is already in PEM format (no conversion needed)
Step 1: Install Certificate System-Wide
Copy the UCLab certificate to the system trust store:
Update the system trust store:
Verify the certificate was added:
You should see:
At this point, most command-line tools (curl, wget, git, etc.) and some browsers will trust your CA.
Step 2: Configure Microsoft Edge (and Chrome/Chromium)
Edge and Chromium-based browsers on Linux use the NSS (Network Security Services) certificate database, which is separate from the system trust store.
Add Certificate to NSS Database
First, check your NSS database location:
Add your certificate to the NSS database:
Important notes:
- Don’t use
sudo- this modifies your user’s database, not root’s - The
-t "C,,"flag sets the certificate as trusted for SSL/TLS
Verify Installation
List certificates in your NSS database:
You should see your certificate listed with trust attributes C,,:
Restart Edge
Kill all Edge processes and restart:
Then launch Edge normally. Your custom CA should now be trusted.
Verification
Test that your certificate works: