Web lists-archives.com

Re: Correct way to install Intermediate certificates in Debian




On 13.04.2019 23:21, Tyler A wrote:
I found a temporary solution that at least lets me visit the sites in Firefox.

However this doesn't fix OpenSSL (thus things like curl, wget).

#!/usr/bin/env bash

sudo apt-get install libnss3-tools

downloadCerts=(http://cacerts.thawte.com/ThawteRSACA2018.crt
               http://cacerts.geotrust.com/GeoTrustRSACA2018.crt)

wget -c "${downloadCerts[@]}"

for f in *.crt; do
    fbasename=${f%.crt}
    openssl x509 -inform der -outform pem -in "$f" -out "$fbasename".pem
    find ~ -name cert9.db -printf '%h\0' |
    while IFS= read -rd '' certDir; do
        certutil -A -n "${fbasename}" -t "TCu,Cuw,Tuw" -i "${fbasename}".pem -d sql:"$certDir"
    done
done

This script imports certificates into Mozilla Firefox own NSS DB.
You can do the same procedure more easily in Firefox GUI with "Certificate Manager". ("Preferences" >> "Privacy & Security", click "View Certificates")

-- 
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄⠀⠀⠀⠀