User Tools

Site Tools


chrome

Chrome (Google chrome) and Chromium

SSL-Certificate management on Linux

:?: Since Chrome 10.x it's possible to manage vertificates within the config tab! No need for below instructions anymore.

sudo apt-get install libnss3-tools

Official documentation: http://code.google.com/p/chromium/wiki/LinuxCertManagement

Cite from the documentation regarding self-signed certificates:

Note: to trust a self-signed server certificate, we should use

certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n <certificate nickname> -i <certificate filename>

Unfortunately that doesn't work because of NSS bug 531160. To work around the NSS bug, you have to trust it as a CA using the "C,," trust flags.

HOWTO import a certificate

  1. Open a website (e.g. https://kbase.dominik-geyer.de/). A warning about the certificate is displayed. Continue.
  2. Click on the key-icon in the address-bar
  3. Choose “Certificate information”
  4. Verify it's REALLY the correct certificate (e.g. fingerprint)
  5. Switch to tab “Details”
  6. Click on “Export…” and choose a filename (e.g. dominik.geyer.de.cert) and save as “BASE64-encoding ASCII, Single Certificate” (default selection).

Perform the import using certutil. As mentioned in the documentation (NSS bug 531160) the trust as private (P,,) doesn't work, so use (C,,)

$ certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n 'dominik-geyer.de' -i dominik-geyer.de.cert

List all installed certificates

$ certutil -d sql:$HOME/.pki/nssdb -L
chrome.txt · Last modified: 2011-07-24 03:35 CEST by dominik