Add self-signed certs to Chrome

While Chrome is an excellent browser, there isn't a quick and easy method to convince it to stop freaking out over self-signed or custom ssl certificates. For the majority of users this is probably a good thing, however for sys-admins or developer types there has to be a better way. This bash script takes the hassle out of importing certificates to make Chrome be quiet. The first option for the script will be the hostname or ip address. The second option is only needed if you're running on a non-standard port (I'm looking at you, webmin).

REMHOST=$1          # Host to pull cert from
REMPORT=${2:-443}   # Set default of 443

exec 6>&1           # Link file descriptor #6 with stdout.
exec > $CERT        # stdout replaced with file

# All output from commands in this block sent to file $CERT
echo | openssl s_client -connect ${REMHOST}:${REMPORT} 2>&1 \ 

# ----------------------------------------------------------- #

exec 1>&6 6>&-      # Restore stdout and close file descriptor #6.
certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "$REMHOST" -i $CERT
echo "== Certificate for $REMHOST added == "
rm $CERT
exit 0

To validate that the cert has indeed been added after running the script, you can use the certutil app to show you what is listed in your personal trust.

[jperrin@bit-integrity ~]$ certutil -d sql:$HOME/.pki/nssdb -L

Certificate Nickname                                         Trust Attributes
localhost.localdomain                                        CT,,


Post a Comment

Newer Post Older Post Home
Copyright © Bit Integrity
Theme by BloggerThemes & NewWPThemes | Supported by Dfreebies is neither affiliated with the authors of this page nor responsible for its contents. This is a safe-cache copy of the original web site.