Continuing the topic of installing certificates in the Ubuntu operating system, it is worth considering the procedure for installing them in Google Chrome. Here are the detailed instructions on how to add them.
If you decide to add a certificate to Google Chrome or Chromium in the GUI, open the settings from the main menu.
After that you need to open Privacy and Security -> Security -> Configure Certificates.
Next, go to "Certificate Authority".
Now you need to click the "Import" button and select the root certificate file.
At this stage you need to configure the trust settings. The certificate will be used to authenticate sites, then you can leave only the first item.
Once the certificate is added, you will no longer see information that the connection is not secure.
After that, you need to use the libnss3-tools package to work with certificates. You can install it by executing:
sudo apt install libnss3-tools
The Google Chrome certificate database is located in the ~/.pki/nssdb folder. You can view the available certificates with the command:
certutil -d ~/.pki/nssdb -L
The command syntax for adding a certificate is as follows:
$ certutil -d путь/к/базе/данных -A -t "настройки_доверия" -n "имя" -i "/путь/к/файлу"
Pay attention to trust. There are three groups of trust attributes, namely for:
SSL;
Email;
Software and other objects.
Each of the groups may contain attributes such as:
p - valid peer;
P - trusted peer;
c - valid certificate authority;
C - trusted certificate authority;
T - trusted certificate authority for client authorization.
For SSL certificates, the sequence "TC,,," will suffice. T and C attributes for SSL and nothing for anything else. The entire command to import ca.crt will look like this:
certutil -d sql:~/.pki/nssdb -A -t "TC,," -n "Losst CA" -i ./ca.crt
After that you can look at the list of certificates again to make sure everything is good:
certutil -d sql:~/.pki/nssdb -L
This completes the instructions.