So you have a corporate or project specific root of trust you need Chrome to recognise. How do you take your PEM certificate as you get from easy-rsa or the like and make it something that Chrome will accept? The answer is not particularly complex, but it really seems like this very-common process is not something people bother to document straightforwardly.
certutil -d sql:${HOME}/.pki/nssdb -a -A -i /etc/server-keys/ca.crt -n localca -t "C,,"
with libnss3-tools installed. The flags are '-a' (ascii key), -A (add), -i (file to add), -n (nickname for the key), -t (trust as a CA)
from Planet Python
via read more
No comments:
Post a Comment