Getting Chrome to accept self-signed localhost certificate

后端 未结 30 2944
小蘑菇
小蘑菇 2020-11-21 11:30

I have created a self-signed SSL certificate for the localhost CN. Firefox accepts this certificate after initially complaining about it, as expected. Chrome and IE, however

30条回答
  •  粉色の甜心
    2020-11-21 12:02

    The GUI for managing SSL certs on Chromium on Linux did NOT work properly for me. However, their docs gave the right answer. The trick was to run the command below that imports the self-signed SSL cert. Just update the name of the and certificate-filename.cer, then restart chromium/chrome.

    From the Docs:

    On Linux, Chromium uses the NSS Shared DB. If the built-in manager does not work for you then you can configure certificates with the NSS command line tools.

    Get the tools

    • Debian/Ubuntu: sudo apt-get install libnss3-tools

    • Fedora: su -c "yum install nss-tools"

    • Gentoo: su -c "echo 'dev-libs/nss utils' >> /etc/portage/package.use && emerge dev-libs/nss" (You need to launch all commands below with the nss prefix, e.g., nsscertutil.) Opensuse: sudo zypper install mozilla-nss-tools

    To trust a self-signed server certificate, we should use

    certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n -i certificate-filename.cer

    List all certificates

    certutil -d sql:$HOME/.pki/nssdb -L

    The TRUSTARGS are three strings of zero or more alphabetic characters, separated by commas. They define how the certificate should be trusted for SSL, email, and object signing, and are explained in the certutil docs or Meena's blog post on trust flags.

    Add a personal certificate and private key for SSL client authentication Use the command:

    pk12util -d sql:$HOME/.pki/nssdb -i PKCS12_file.p12

    to import a personal certificate and private key stored in a PKCS #12 file. The TRUSTARGS of the personal certificate will be set to “u,u,u”.

    Delete a certificate certutil -d sql:$HOME/.pki/nssdb -D -n

    Excerpt From: https://chromium.googlesource.com/chromium/src/+/HEAD/docs/linux_cert_management.md

提交回复
热议问题