Web lists-archives.com

Re: Correct way to install Intermediate certificates in Debian




I found a temporary solution that at least lets me visit the sites in Firefox.

However this doesn't fix OpenSSL (thus things like curl, wget).

#!/usr/bin/env bash

sudo apt-get install libnss3-tools

downloadCerts=(http://cacerts.thawte.com/ThawteRSACA2018.crt
               http://cacerts.geotrust.com/GeoTrustRSACA2018.crt)

wget -c "${downloadCerts[@]}"

for f in *.crt; do
    fbasename=${f%.crt}
    openssl x509 -inform der -outform pem -in "$f" -out "$fbasename".pem
    find ~ -name cert9.db -printf '%h\0' |
    while IFS= read -rd '' certDir; do
        certutil -A -n "${fbasename}" -t "TCu,Cuw,Tuw" -i "${fbasename}".pem -d sql:"$certDir"
    done
done

-- 
Tyler (tya99)
rsa4096/0x9C9954F88E388859