User Tools

Site Tools


howtos:add_trusted_ca

Make CA or Certificate trusted

For the time being there is no gui way of trusting a certificate in Chrome on Linux.

To trust a certificate/CA you must do the following:

1. Install certutil

sudo apt-get install libnss3-tools

2. Run certutil

certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "domingo.dk" -i domingo.dk.crt

The certificate is inside the file called “domingo.dk.crt”.

Import script

#!/bin/sh
#
# usage:  import-cert.sh remote.host.name [port]
#
REMHOST=$1
REMPORT=${2:-443}
exec 6>&1
exec > $REMHOST
echo | openssl s_client -connect ${REMHOST}:${REMPORT} 2>&1 |sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "$REMHOST" -i $REMHOST 
exec 1>&6 6>&-

Example:

./import-cert.sh domingo.dk

Script source: http://blog.avirtualhome.com/2010/02/02/adding-ssl-certificates-to-google-chrome-linux-ubuntu/

howtos/add_trusted_ca.txt · Last modified: d/m/Y H:i by 127.0.0.1