# how to add ssl trusted certificate



## fred974 (Apr 18, 2017)

Hi,

I just install /security/ca_root_nss but I cannot fingure out how generate an www/nginx ssl_trusted_certificate..

I can see that installing ca_root_nss has created a /usr/local/share/certs/ca-root-nss.crt file..

Do I simply `cp /usr/local/share/certs/ca-root-nss.crt /usr/local/etc/ssl/cert.pem`

```
#Enable ocsp stapling
        resolver 8.8.8.8; 
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /usr/local/etc/ssl/cert.pem;
```


----------



## drhowarddrfine (Apr 18, 2017)

I don't know about the nss stuff but you can tell nginx where to look for certs in the config file and that path can be anywhere. The problem with that is no browser will trust your self signed certs.


```
ssl_certificate /path/name/here;
ssl_certificate_key /path/name/here;
ssl_trusted_certificate /path/name/here;
```


----------



## SirDice (Apr 18, 2017)

If you want to use proper certificates you'll need to request one first (Verisign and all). And instead of self-signed certificates why not use LetsEncrypt? That's easily set up using security/acme-client.


----------

