Add trusted root CA globally

Asked Feb 02 '21 at 12:44

Active Feb 02 '21 at 12:44

Viewed 3,242 times

I am behind corporate proxy that replaces root CA certificates on some websites. I did

cp corporate-certs/*.crt /usr/local/share/ca-certificates/corp
sudo update-ca-certificates --fresh

I do see that update-ca-certificates found out new certificates and created new links.

That did resolve the corporate website certificate resolution. However, I still get error when accessing public website with substituted root CA certificates that the certificate is untrusted. However when I add them manually the browser (the same certificates that were copied) as trusted authorities. This is both true for Firefox and Chromium browser. I wonder why the browser just don't pick up them from the OS source? Am I missing some steps?

asked Feb 02 '21 at 12:44

Yuki

Firefox at least used its own NSS trust store, and perhaps Chromium has moved to the same setup. – muru Feb 02 '21 at 12:51
3

Does this answer your question? Add certificate authorities system-wide on Firefox – muru Feb 02 '21 at 12:51
@muru thank you. Regarding firefox I suspected something like this. What about Chromium? I though it does use system-wide certificates? – Yuki Feb 02 '21 at 14:16
So it was, but it seems they too have started using NSS according to https://chromium.googlesource.com/chromium/src/+/master/docs/linux/cert_management.md – muru Feb 02 '21 at 16:07

Add trusted root CA globally

0 Answers0