Skip to content

Ubuntu: Chrome/Firefox CA certificate improvements #75

Open
Open
Ubuntu: Chrome/Firefox CA certificate improvements#75
Assignees
defunctl
Labels
enhancementNew feature or request
@defunctl

Description

@defunctl
defunctl
opened on Jul 28, 2021

Need to add some additional automation for Debian/Ubuntu systems.

Chrome uses $HOME/.pki/nssdb on Ubuntu for certificates.

Firefox uses a random string path: ~/.mozilla/firefox/${RANDOM PROFILE}.default-release

Need the certutil binary: sudo apt install libnss3-tools

For Chrome:

  1. Tell the user to shut down all Chrome instances
  2. certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n tribe -i /usr/local/share/ca-certificates/tribeCA.crt

For Firefox:

  1. Tell the user to shut down all Firefox instances
  2. Get Firefox profile directory: find ~/.mozilla/firefox -name "cert9.db" | xargs dirname
  3. Something like this should work: certutil -d sql:$(find ~/.mozilla/firefox -name "cert9.db" | xargs dirname) -A -t "C,," -n tribe -i /usr/local/share/ca-certificates/tribeCA.crt

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions