It’s not a long time that Chrom* browsers added a certificate management panel. Not everybody knows – in fact – that they rely on the Network Security Service tools. To add an untrusted certificate to Chrom* without using the inteface you have to add it there.
To manage NSS you need to install certutil, contained in libnss
# apt-get install libnss3-tools
The NSS certificate database is stored in your home directory:
# ls /home/rpolli/.pki/nssdb -la total 40 drwx------ 2 rpolli rpolli 4096 2011-10-16 19:24 . drwx------ 4 rpolli rpolli 4096 2011-10-16 19:15 .. -rw------- 1 rpolli rpolli 10240 2011-10-16 19:24 cert9.db -rw------- 1 rpolli rpolli 13312 2011-10-16 19:24 key4.db -rw------- 1 rpolli rpolli 529 2011-10-16 19:18 pkcs11.txt
You can list contained certificates with
# certutil -d sql:$HOME/.pki/nssdb -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI
Get your certificate from your site with
#openssl s_client -connect www.mysite.org:443
you can script it a bit
# echo quit | openssl s_client -connect www.mysite.org:443 |& sed -ne '/--BEGIN/,/--END/p' > /tmp/mycert.pem
Convert the cert with
# openssl x509 -in /tmp/mycert.pem -inform PEM -outform DER -out /tmp/mycert.der
And add new certificates (in DER format)
# certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n www.mysite.it -i /tmp/mycert.der
Now restart chrome and enjoy!