Adding a Certificate Authority to Chrome Trust Store

So you have a corporate or project specific root of trust you need Chrome to recognise. How do you take your PEM certificate as you get from easy-rsa or the like and make it something that Chrome will accept? The answer is not particularly complex, but it really seems like this very-common process is not something people bother to document straightforwardly.

certutil -d sql:${HOME}/.pki/nssdb -a -A -i /etc/server-keys/ca.crt -n localca -t "C,,"

with libnss3-tools installed. The flags are '-a' (ascii key), -A (add), -i (file to add), -n (nickname for the key), -t (trust as a CA)


Comments are closed.


Pingbacks are closed.