Note: This is usually a bad idea. You should really get the team who runs the CA to send you the certificate in case some bad guy is doing the MITM and not the local security team. Use this procedure with caution.
Get the signing certificate
openssl to print the certificate data.
openssl s_client -connect google.com:443 -showcerts
In the output you'll see, among other things, some certificates. They look like this:
-----BEGIN CERTIFICATE----- blaBLAbla -----END CERTIFICATE-----
Find the one signed by your local CA. Copy and paste it into a new file,
.crt file extension is required.
Don't copy anything before or after the BEGIN and END lines.
Trust the certificate
As root, move the certificate file to
mv example.com.crt /usr/local/share/ca-certificates update-ca-certificates
That's it. Now your system will trust certs signed by that CA too.