
I am behind a corporate proxy that replaces root CA certificates on some websites. I did

```
cp corporate-certs/*.crt /usr/local/share/ca-certificates/corp
sudo update-ca-certificates --fresh
```

I do see that update-ca-certificates found the new certificates and created new links.

That did resolve the corporate website certificate resolution. However, I still get an error when accessing a public website with substituted root CA certificates that the certificate is untrusted. However, when I add them manually to the browser (the same certificates that were copied) as trusted authorities. This is true for both the Firefox and Chromium browsers. I wonder why the browsers just don't pick them up from the OS source? Am I missing some steps?

Yuki
  • Firefox at least used its own NSS trust store, and perhaps Chromium has moved to the same setup. – muru Feb 02 '21 at 12:51
  • Does this answer your question? [Add certificate authorities system-wide on Firefox](https://askubuntu.com/questions/244582/add-certificate-authorities-system-wide-on-firefox) – muru Feb 02 '21 at 12:51
  • @muru thank you. Regarding Firefox I suspected something like this. What about Chromium? I thought it does use system-wide certificates? – Yuki Feb 02 '21 at 14:16
  • So it was, but it seems they too have started using NSS according to https://chromium.googlesource.com/chromium/src/+/master/docs/linux/cert_management.md – muru Feb 02 '21 at 16:07
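
The comments above point to the per-user NSS trust store rather than the system bundle. As an added example (not part of the original post or comments), this script imports the CA files from the question's directory into the NSS databases it finds; the database locations, the `corp-` nickname prefix and the function names are assumptions, and `certutil` comes from the `libnss3-tools` package.

```shell
#!/bin/sh
# Added example: import corporate CA certificates into per-user NSS databases.
# Assumption: certificates live in the directory used in the question.
CERT_DIR="${CERT_DIR:-/usr/local/share/ca-certificates/corp}"

# Print every directory under $1 (a home directory) that holds an NSS database.
# Assumption: these are the usual default locations (deb and snap installs);
# they may differ on your system.
find_nss_dbs() {
    home="$1"
    for db in "$home/.pki/nssdb" \
              "$home/snap/chromium/current/.pki/nssdb" \
              "$home"/.mozilla/firefox/*/ \
              "$home"/snap/firefox/common/.mozilla/firefox/*/; do
        db="${db%/}"
        # cert9.db is the SQLite certificate store NSS keeps in a profile
        [ -f "$db/cert9.db" ] && printf '%s\n' "$db"
    done
    return 0
}

# Import each *.crt in $2 into the NSS database at $1 as a trusted TLS CA.
import_certs() {
    db="$1"; dir="$2"
    for crt in "$dir"/*.crt; do
        [ -f "$crt" ] || continue
        nick="corp-$(basename "$crt" .crt)"   # hypothetical nickname scheme
        # -A adds the cert; -t "C,," trusts it as a CA for TLS servers only
        certutil -d "sql:$db" -A -t "C,," -n "$nick" -i "$crt" || return 1
    done
}

main() {
    command -v certutil >/dev/null 2>&1 || {
        echo "certutil not found (install libnss3-tools)" >&2; return 1; }
    find_nss_dbs "$HOME" | while IFS= read -r db; do
        echo "importing into $db"
        import_certs "$db" "$CERT_DIR"
    done
}

# Run the import only when asked: sh import-corp-ca.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as the desktop user, not with sudo, since the databases are per-user; `certutil -d sql:$HOME/.pki/nssdb -L` lists what a database currently trusts.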

0 Answers