Total Pageviews

Friday, 11 August 2017

如何使linux桌面系统中的chrome信任自签名证书

If you're using Linux, you can also follow this official wiki pages:
Basically:
  • click the lock icon with an X,
  • choose Certificate Information
  • go to Details tab
  • Click on Export... (save as a file)
Now, the following command will add the certificate (where YOUR_FILE is your exported file):
certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n YOUR_FILE -i YOUR_FILE
To list all your certificates, run the following command:
certutil -d sql:$HOME/.pki/nssdb -L
If it still doesn't work, you could be affected by this bug: Issue 55050: Ubuntu SSL error 8179
P.S. Please also make sure that you have libnss3-tools, before you can use above commands.
If you don't have, please install it by:
sudo apt-get install libnss3-tools # on Ubuntu
sudo yum install nss-tools # on Fedora, Red Hat, etc.

As a bonus, you can use the following handy scripts:
$ cat add_cert.sh
certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n $1 -i $1
$ cat list_cert.sh
certutil -d sql:$HOME/.pki/nssdb -L # add '-h all' to see all built-in certs
$ cat download_cert.sh
echo QUIT | openssl s_client -connect $1:443 | sed -ne '/BEGIN CERT/,/END CERT/p'
Usage:
add_cert.sh [FILE]
list_cert.sh
download_cert.sh [DOMAIN]

Troubleshooting

  • Run Chrome with --auto-ssl-client-auth parameter
    google-chrome --auto-ssl-client-auth

No comments:

Post a Comment

Note: only a member of this blog may post a comment.