Your Linux Data Center Experts

I've been trying the Chromium browser recently, and have been liking it fairly well. But one thing I've run into is I have a number of sites with self-signed certificates. Unlike in Firefox, Chromium doesn't have a wizzy interface for saying “hey, I'm ok with this certificate, don't warn me about it in the future.” It uses the “NSS shared db” to store this, and has no interface for managing it.

Read on to learn how to fix this.

In particular, the saved passwords don't seem to work in Chromium if the site has an unknown certificate.

So, for now, management of this needs to be done by the command-line. Worse, because of a bug, the typical mechanism doesn't work. So, if you want to add a certificate to Chromium, you need to:

SERVERNAME=management.example.com
#  Get the SSL certificate
openssl s_client -showcerts -connect $SERVERNAME:443 \
      >/tmp/$SERVERNAME.cert </dev/null
#  Install it, use P,, after the bug mentioned above is fixed
certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n $SERVERNAME \
      -i /tmp/$SERVERNAME.cert
#  List the certificate.
certutil -d sql:$HOME/.pki/nssdb -L

Note that once the bug is fixed you can change that “C,,” to “P,,”.

You have to restart Chromium before it recognizes the change, but once you do it your page should come through without the warning. If you continue to get the warning, click on the lock next to the URL to get more information about why it's failing.

comments powered by Disqus

Join our other satisfied clients. Contact us today.