4

I'm behind a corporate proxy, and we have Windows PCs with root ca certs pre-installed so SSL works with the proxy. Within my PC, I'm spinning up Linux VMs for testing, and so I have a need to get those certs installed within the VM so I can hit whatever SSL URL I need (github cloning etc). I've tried a few methods to export the certs from Windows and import them into Ubuntu, but as of yet I am unable to access SSL from within the VM.

This answer gave me the best idea for what format to export the cert in from Windows (base-64 .cer). After I export the .cer files and copy them into place in the VM, I rename them with .crt extensions.

This answer best sums up what I'm trying in the VM.

After I add the certs to the usr/share/ca-certificates directory and run update-ca-certificates the certs do get symlinked into /etc/ssl/certs but still no SSL traffic.

This is on a Windows 7 host, Ubuntu 12.04 guest.

Community
  • 1
danseely
  • 41
  • 1
  • 3
  • What do you mean by "no ssl traffic"? Is firefox complaining that the cert isn't trusted? – psusi Jun 22 '15 at 22:35
  • Both Firefox & Chrome complain about loading any SSL site, and pings/github clones to HTTPS endpoints hang/fail. – danseely Jun 23 '15 at 12:07
  • I am suffering in the EXACT same scenario. This is particularly bad when working with git as all repo cloning is just blowing up. – Peter Short Feb 24 '16 at 15:22
  • Yeah, and I never actually got it working. Fortunately I'm not at that gig anymore, so ¯_(ツ)_/¯ – danseely Feb 25 '16 at 16:27

1 Answers1

0

Necro-posting, but in case someone else encounters this:

The answer (seems to be) that Firefox uses a different certificate store mechanism, so you should add it to the user-specific firefox profile. (Can use the firefox GUI)

See Add certificate authorities system-wide on Firefox

The problem here is that Firefox does not have a 'central' location where it looks for certificates. It just looks into the current profile. That's why modifying /usr/share/ca-certificates or other similar directories won't work with Firefox. This is something that has been requested for years; see issues 620373, 449498 and 454036 (and probably there are many others).

So you are left with just two kind of solutions: either modify each profile, or modify the behaviour of Firefox. I know this is not what you are looking for, but there are no ways because Firefox only looks at users' profiles.

Orangutech
  • 101