Following on from my post on how to create your own SSL Certificate Authority, I’ve also started doing this for custom apt repos where we allow public repos over http and private repos over https (+ basic-auth).
To do this, you effectively need 3(+1) things
- apt-transport-https package on the client
- Install your Root CA Certificate, so you can sign your own certificates and remove certificate errors OR check out letsencrypt.org OR you can buy a valid one from a proper CA and be done with it.
- Setup https in the web server.
- configure basic auth in /etc/apt/sources.list.d/custom.list
We use basic-auth over https, so a there’s a fourth step.
I won’t cover the details on configuring Apache or creating an SSL Root CA or creating your own repo, I’ll assume you already have that figured out.
So here’s the condensed tasks.
- Create take your root CA cert and key
- Copy the cert to destination server (that is connecting to your repo). This is usually in
- On the the client, update the CA list
- On the client, install apt-transport-https.
apt-get install apt-transport-https
- In a apt sources list file (i prefer to use /etc/sources.list.d/
.list), add the repo.
deb https://your.reposerver.com/deb stable mainor with basic-auth
deb https://user:email@example.com/deb stable main
See it work with