On Ubuntu, you can install a custom certificate like this:
sudo apt install -yy ca-certificates
sudo cp microba-root-ca.crt /usr/local/share/ca-certificates/
ls -aFlh /usr/local/share/ca-certificates/
sudo update-ca-certificates
Arch Linux uses a different command, update-ca-trust
, which is part of ca-certificates-utils
.
sudo pacman -S ca-certificates-utils
Next, place your certificate in /etc/ca-certificates/trust-sources/anchors
sudo cp your-root-ca.crt /etc/ca-certificates/trust-source/anchors/
And update the trusted certificates using:
sudo update-ca-trust
Finally, run trust list
and you should see your certificate there.
This was also required to access my internal work network, which requires a VPN (Tailscale) and a custom root certificate.
I ran:
sysctl net.ipv4.ip_forward
Which was set to 0. I needed to enable it!
You can temporarily do it like this:
sudo sysctl -w net.ipv4.ip_forward=1
Better yet, make it permanent:
sudo nvim /etc/sysctl.d/99-sysctl.conf
# add this
net.ipv4.ip_forward=1
# restart
sudo sysctl --system
Arch is great - you need to learn how things work, but this really forces you to understand what's going on. I like it.