SSL Certificate, Chromed

It was not long ago that Chrom* browsers added a certificate management panel. Not everybody knows, in fact, that they rely on the Network Security Services (NSS) tools. To add an untrusted certificate to Chrom* without using the interface, you have to add it to the NSS database.
To manage NSS you need certutil, which is shipped in the libnss3-tools package:

# apt-get install libnss3-tools

The NSS certificate database is stored in your home directory:

# ls /home/rpolli/.pki/nssdb -la
total 40
drwx------ 2 rpolli rpolli  4096 2011-10-16 19:24 .
drwx------ 4 rpolli rpolli  4096 2011-10-16 19:15 ..
-rw------- 1 rpolli rpolli 10240 2011-10-16 19:24 cert9.db
-rw------- 1 rpolli rpolli 13312 2011-10-16 19:24 key4.db
-rw------- 1 rpolli rpolli   529 2011-10-16 19:18 pkcs11.txt

You can list contained certificates with

# certutil -d sql:$HOME/.pki/nssdb  -L

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Get your certificate from your site with

# openssl s_client -connect www.mysite.org:443

You can script it a bit:

# echo quit | openssl s_client -connect www.mysite.org:443 |& sed -ne '/--BEGIN/,/--END/p' > /tmp/mycert.pem

Convert the cert with

# openssl x509 -in /tmp/mycert.pem -inform PEM -outform DER -out /tmp/mycert.der

And add new certificates (in DER format)

# certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n www.mysite.it  -i /tmp/mycert.der

Now restart Chrome and enjoy!
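The s_client fetch above accepts whatever certificate the network returns, so the following added example (not part of the original post) wraps the same fetch, convert and import steps and only imports when the SHA-256 fingerprint matches one you obtained out of band. The function names and the expected-fingerprint argument are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): the page's fetch/convert/import
# steps, gated on a SHA-256 fingerprint obtained out of band.
# Function names and the expected-fingerprint argument are assumptions.

NSSDB="sql:$HOME/.pki/nssdb"

# Read s_client output on stdin; print only the first PEM block (the leaf).
extract_leaf_pem() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p;/-----END CERTIFICATE-----/q'
}

# Reduce "sha256 Fingerprint=AB:CD:..." (or a bare hex string) to upper-case hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# usage: trust_site_cert HOST NICKNAME EXPECTED_SHA256
# The body runs in a subshell "( )" so its variables and trap stay local.
trust_site_cert() (
    host=$1; nick=$2; expected=$(normalize_fp "$3")
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT

    echo quit | openssl s_client -connect "$host:443" -servername "$host" 2>/dev/null |
        extract_leaf_pem > "$tmp/cert.pem"

    # An empty or unparsable fetch yields an empty fingerprint and is rejected.
    got=$(normalize_fp "$(openssl x509 -in "$tmp/cert.pem" -noout -fingerprint -sha256)")
    if [ -z "$got" ] || [ "$got" != "$expected" ]; then
        echo "refusing to import: fingerprint for $host is ${got:-unreadable}" >&2
        exit 1
    fi

    # Same conversion and import commands as in the post.
    openssl x509 -in "$tmp/cert.pem" -inform PEM -outform DER -out "$tmp/cert.der" &&
        certutil -d "$NSSDB" -A -t "C,," -n "$nick" -i "$tmp/cert.der"
)
```

Take the expected value from the server's own copy of the certificate, not from a second fetch over the same network path.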
