How to install CA certificates and PKCS12 key bundles on different platforms

We install certutil and pk12util if necessary:

sudo apt install libnss3-tools

On Linux, Chromium uses the NSS Shared DB. Check if you have the ~/.pki/nssdb directory:

ls $HOME/.pki/nssdb

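Assuming that your CA file to import is in path/to/ca.crt, do this to install a CA certificate. The trust flags "TC,," mark it as a trusted CA for TLS server certificates (C) and TLS client certificates (T); the e-mail and code-signing fields stay empty: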

certutil -A \
  -n "Name of certificate" \
  -t "TC,," \
  -d sql:$HOME/.pki/nssdb \
  -i path/to/ca.crt

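We import the PKCS12 key bundle like this, where mypassword is the bundle's password. A password given with -W is visible in shell history and the process list; pk12util also accepts -w with the path of a password file: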

pk12util -i path/to/bundle.p12 -d sql:$HOME/.pki/nssdb -W mypassword

Now restart Chromium.

See https://chromium.googlesource.com/chromium/src/+/master/docs/linux_cert_management.md

Ubuntu Linux 16.04

Might also work for other Debian-based distributions.

We install certutil and pk12util if necessary:

sudo apt install libnss3-tools

Find the path of your Firefox profile. This should ideally yield one path entry:

find ~/.mozilla/firefox -name "cert8.db"

Before you proceed, make sure Firefox is not running. This is important!

Assuming that your DB path is ~/.mozilla/firefox/6eozd6kv.default/cert8.db and your CA file to import is in path/to/ca.crt, do this to install the CA certificate:

certutil -A \
  -n "Name of certificate" \
  -t "TC,," \
  -d ~/.mozilla/firefox/6eozd6kv.default \
  -i path/to/ca.crt

We import the PKCS12 key bundle like this:

pk12util -i path/to/bundle.p12 -d ~/.mozilla/firefox/6eozd6kv.default -W mypassword

See http://stackoverflow.com/questions/1435000/programmatically-install-certificate-into-mozilla and https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Tools/certutil
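
The Chromium and Firefox procedures above, combined into one script as an added example (not part of the original gist): it finds each NSS database of the current user, picks the sql: or dbm: prefix from the file present (cert9.db or cert8.db), imports the CA and checks the result with certutil -L. The script name import-ca.sh and the assumption that Firefox's process name contains "firefox" are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the original gist. $1 and $2 stand for
# path/to/ca.crt and "Name of certificate" from the commands above.

# Print the -d argument certutil needs for an NSS directory: cert9.db is the
# SQLite format (sql: prefix), cert8.db the legacy DBM format (dbm: prefix).
nss_db_arg() {
  if [ -f "$1/cert9.db" ]; then
    printf 'sql:%s\n' "$1"
  elif [ -f "$1/cert8.db" ]; then
    printf 'dbm:%s\n' "$1"
  else
    return 1   # no certificate database here
  fi
}

# List the NSS directories below home directory $1, one per line.
find_nss_dirs() {
  if [ -d "$1/.pki/nssdb" ]; then
    printf '%s\n' "$1/.pki/nssdb"
  fi
  if [ -d "$1/.mozilla/firefox" ]; then
    find "$1/.mozilla/firefox" \( -name cert8.db -o -name cert9.db \) \
      -exec dirname {} \; | sort -u
  fi
}

# Import CA file $1 under nickname $2 into every database found, then
# confirm with certutil -L that the nickname is now listed.
import_ca_everywhere() {
  if pgrep firefox >/dev/null 2>&1; then   # assumed process name
    echo "Firefox is running; close it first" >&2
    return 1
  fi
  find_nss_dirs "$HOME" | while IFS= read -r dir; do
    db=$(nss_db_arg "$dir") || continue
    if certutil -A -n "$2" -t "TC,," -d "$db" -i "$1" &&
       certutil -L -d "$db" -n "$2" >/dev/null; then
      echo "installed in $db"
    else
      echo "FAILED for $db" >&2
    fi
  done
}

# Usage: sh import-ca.sh path/to/ca.crt "Name of certificate"
if [ "$#" -eq 2 ]; then
  import_ca_everywhere "$1" "$2"
fi
```

A profile that holds both cert8.db and cert9.db is treated as sql:, since cert9.db is the database current Firefox versions read.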

On macOS, to add a CA certificate:

security add-trusted-cert -r trustRoot path/to/ca.crt

On Windows, you'll need a command prompt with Administrator permissions.

  1. Use the search input next to the Windows menu button to search for "cmd".
  2. Right-click the "Command Prompt" entry and select the context menu item "Run as administrator".

Installing the CA certificate from path\to\ca.crt:

certutil.exe -addstore "Root" path\to\ca.crt

Assuming that your PKCS12 bundle is in path\to\bundle.p12, run this command:

certutil.exe -p password -user -importPFX path\to\bundle.p12