If you're using Linux, you can also follow this official wiki pages:
Basically:
- click the lock icon with an X,
- choose Certificate Information
- go to Details tab
- Click on Export... (save as a file)
Now, the following command will add the certificate (where YOUR_FILE is your exported file):
certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n YOUR_FILE -i YOUR_FILE
To list all your certificates, run the following command:
certutil -d sql:$HOME/.pki/nssdb -L
If it still doesn't work, you could be affected by this bug: Issue 55050: Ubuntu SSL error 8179
P.S. Please also make sure that you have
libnss3-tools, before you can use above commands.
If you don't have, please install it by:
sudo apt-get install libnss3-tools # on Ubuntu
sudo yum install nss-tools # on Fedora, Red Hat, etc.
As a bonus, you can use the following handy scripts:
$ cat add_cert.sh
certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n $1 -i $1
$ cat list_cert.sh
certutil -d sql:$HOME/.pki/nssdb -L # add '-h all' to see all built-in certs
$ cat download_cert.sh
echo QUIT | openssl s_client -connect $1:443 | sed -ne '/BEGIN CERT/,/END CERT/p'
Usage:
add_cert.sh [FILE]
list_cert.sh
download_cert.sh [DOMAIN]
Troubleshooting
- Run Chrome with
--auto-ssl-client-authparametergoogle-chrome --auto-ssl-client-auth
No comments:
Post a Comment