Add a ca root to ca-certificates in WSL environment?

Michael Loftis mloftis at
Tue Dec 14 14:17:26 UTC 2021

No special magic for the WSL Ubuntu install.  You just apt-get install
ca-certificates on the WSL Ubuntu environment command line, drop the
pem certificate(s) in file(s) in /etc/ssl/certs, run
update-ca-certificates (as root, use sudo) and you're done.   Just
make sure the pem's are globally readable. The new certificate(s) will
be included in /etc/ssl/certs/ca-certificates.crt and all system
packages use that as their trusted root certs, pretty sure it'll also
add the hash symlinks too.  That decade (and a bit) old IR is long,
long, long closed.  This will NOT affect any Windows based stuff.

If you need to have it packaged then you'll have to do your own
package, with a post-install hook.  You shouldn't be
replacing/overriding the ca-certificates package.

On Mon, Dec 13, 2021 at 6:36 PM Jeffrey Walton <noloader at> wrote:
> Hi Everyone,
> I'm working on a Windows machine with Windows Subsystem Linux (WSL).
> The machine hosts Ubuntu 20.04. We are having some TLS problems due to
> an interception proxy. I need to add a CA root to the ca-certificates
> package or store.
> I checked the Ubuntu wiki and found one article on ca-certificates at
> I'm Ok with dropping the root CA in the filesystem and running
> c_rehash, if needed. I'm happy to use the method if that is
> recommended.
> My question is, how would I go about adding a root CA to the machine's
> trusted root store?
> Thanks in advance.
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss at
> Modify settings or unsubscribe at:


"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler

More information about the Ubuntu-devel-discuss mailing list