@Jeansen
Last active February 22, 2020 18:27
Add a root certificate to all applications using Network Security Services (NSS), e.g. Firefox, Chrome and more.
#!/usr/bin/env bash
### Installs the given root certificate to:
# - every found trust store
# - in the user's profile directory
# - for applications using NSS (e.g. Firefox, Thunderbird, Chrome).
hash certutil || { echo "certutil not found, please install 'libnss3-tools'"; exit 1; }
[[ -f $1 ]] || { echo "Please provide a certificate file."; exit 1; }
[[ -n $2 ]] || { echo "Please provide a 'nickname' by which you want to identify the provided root certificate."; exit 1; }

main() {
    declare certfile="$(readlink -f "$1")"
    declare certname="$2"
    declare certDB certdir prefix
    printf "\n%-8s %s\n" "CERT" "$certfile"
    printf "%-8s %s\n\n" "NICK" "$certname"
    # Look in hidden directories below $HOME. The -name tests are grouped so that
    # both database formats match, and paths are NUL-delimited to survive spaces.
    while IFS= read -r -d '' certDB
    do
        certdir=$(dirname "${certDB}")
        [[ $certDB =~ cert8\.db$ ]] && prefix=dbm # Don't rely on default
        [[ $certDB =~ cert9\.db$ ]] && prefix=sql
        # Trust fields are "SSL,S/MIME,code signing":
        # C = trusted CA for server certificates, T = trusted CA for client certificates.
        certutil -A -n "${certname}" -t "TC,C,T" -i "${certfile}" -d "${prefix}:${certdir}"
        # A nickname can be used to identify a certificate, e.g. for deletion:
        # certutil -D -n "${certname}" -d "${prefix}:${certdir}"
        printf "%-8s %s\n" "DB" "$(readlink -f "$certDB")"
        printf '%*s\n' 80 "" | tr ' ' '='
        certutil -L -d "${prefix}:${certdir}"
        printf "%*s\n\n\n" 80 "" | tr ' ' '-'
    done < <(find "${HOME}" -path '*/.*' \( -name "cert8.db" -o -name "cert9.db" \) -print0 2>/dev/null)
}

main "$@"
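
To check what the script above changed, this added example (not part of the gist) filters `certutil -L` output for entries that are trusted as CAs. The function names and the sample listing are constructed for illustration; `~/.pki/nssdb` in the usage comment is the usual shared NSS store on Linux and is an assumption about your system.

```shell
#!/usr/bin/env bash
# Added example: audit `certutil -L` output for nicknames trusted as CAs.
# Usage against a real store (path is an assumption, adjust as needed):
#   certutil -L -d sql:"$HOME/.pki/nssdb" | list_trusted_cas

# Reads a `certutil -L` listing on stdin and prints "nickname<TAB>flags" for
# each entry whose SSL trust field contains C (trusted CA for server
# certificates) or T (trusted CA for client certificates).
list_trusted_cas() {
    awk '
        # Entry lines end in three comma-separated flag fields, e.g. "CT,C,T".
        # The header line "SSL,S/MIME,JAR/XPI" contains "/" and is skipped.
        $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            flags = $NF
            split(flags, f, ",")
            if (f[1] !~ /[CT]/) next              # lowercase c/u/p are not CA trust
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick) # drop the flags column
            sub(/^[ \t]+/, "", nick)              # nicknames may contain spaces
            printf "%s\t%s\n", nick, flags
        }'
}

# Exit status 0 if the exact nickname $1 is listed as a trusted CA on stdin.
has_trusted_ca() {
    list_trusted_cas | cut -f1 | grep -Fxq -- "$1"
}

# Constructed sample of `certutil -L` output (not taken from a real store).
sample_listing() {
    cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

My Lab Root CA                                               CT,C,T
mail.example.test                                            ,,
Old Intermediate                                             c,,
Client Identity                                              u,u,u
EOF
}

# Demo on the constructed sample: only the root added with CA trust is reported.
sample_listing | list_trusted_cas
```

Running the filter before and after the installer shows exactly which nickname gained CA trust in each store.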