How to add an SSL certificate to Chrome's certificate list in Ubuntu

Update (2018.02.16): in recent Chrome for Linux versions (at least since 48.*, i.e. 2016 January ... I couldn't find an installer for older versions) you can manage SSL certificates using the GUI. Visit the chrome://settings/certificates screen and use the "Import" button on the proper tab.

First of all, you can view Chrome's certificate store here: "Settings" / "Show advanced settings..." / "HTTP/SSL" / "Manage certificates..."
The server certificates (you import) will show up on the "Servers" tab.
You've to install the libnss3-tools package and use certutil to manage the certificate store. It's location is: $HOME/.pki/nssdb.

To list the certificates:
certutil -d sql:$HOME/.pki/nssdb -L

To add a self-signed peer (i.e. not certificate authority) PEM certificate:
certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n "some_nickname" -i some_certificate.pem

To add a CA (root) PEM certificate:
certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n "some_nickname" -i some_CA_certificate.pem

P.S.: note that the "sql:" prefix for the -d option is important, if you omit it, you'll get an error (eg. "certutil: function failed: The certificate/key database is in an old, unsupported format.")


Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Thank you so much!

Thank you so much! Couldn't figure out that "sql" trick.

Syndicate content