Home

How to add an SSL certificate to Chrome's certificate list in Ubuntu

Tue, 2013.08.27 - 11:45 — müzso
http://code.google.com/p/chromium/wiki/LinuxCertManagement
Update (2018.02.16): in recent Chrome for Linux versions (at least since 48.*, i.e. 2016 January ... I couldn't find an installer for older versions) you can manage SSL certificates using the GUI. Visit the chrome://settings/certificates screen and use the "Import" button on the proper tab.

First of all, you can view Chrome's certificate store here: "Settings" / "Show advanced settings..." / "HTTP/SSL" / "Manage certificates..."
The server certificates (you import) will show up on the "Servers" tab.
You've to install the libnss3-tools package and use certutil to manage the certificate store. It's location is: $HOME/.pki/nssdb.

To list the certificates:
certutil -d sql:$HOME/.pki/nssdb -L

To add a self-signed peer (i.e. not certificate authority) PEM certificate:
certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n "some_nickname" -i some_certificate.pem

To add a CA (root) PEM certificate:
certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n "some_nickname" -i some_CA_certificate.pem

P.S.: note that the "sql:" prefix for the -d option is important, if you omit it, you'll get an error (eg. "certutil: function failed: The certificate/key database is in an old, unsupported format.")

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Fri, 2015.09.11 - 04:45 — Tyler (not verified)

Thank you so much!

Thank you so much! Couldn't figure out that "sql" trick.