Installing Self Signed Certificates onto Linux Clients (Fedora 18 with Chrome)

Following from my previous post The generation of the SSL Certificates was easy, however the tricky bit was adding it to my Linux clients, after a bit of Googling and reading through a few dated bug reports I managed to find a solution that worked. There were a wide variety of “partial” solutions and pointers, but this is what ended up working for me.

Note: This applies directly to Chrome. Firefox seems to control it’s own set of SSL certs, and neither do I use it much.

# Save our server certificate to a file
# Alternatively, you can grab the contents within the BEGIN CERTIFICATE and END CERTIFICATE (including the headers and footers) and save them to a file and skip the first command
echo `openssl s_client -connect andrewklau.com:443 2>&1` | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > andrewklau.com  
certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "andrewklau.com" -i andrewklau.com  
# List Installed Certs
certutil -L -d sql:$HOME/.pki/nssdb

# Delete an Installed Cert
certutil -d sql:$HOME/.pki/nssdb -D -n certnickname  

*Note: -n is for nickname

Now our SSL is now saved as a trusted cert. A little more tricker than the windows point and click solutions. Saves having to click the “I know the risks” button every time.

comments powered by Disqus