[arch-general] CA certifcates
Hi,
some months ago i needed to setup a Certificate Authority and add it's root certificate to the client machines, so i figured out and added the CA certificate to /usr/share/ca-certificates, edited the /etc/ca-certificates.conf to reflect this and them run "update-ca-certificates --fresh --verbose".
this added the CA to the SSL certs and generated the file with all the certificates in /etc/ssl/certs/ca-certificates.crt
So when i used Firefox and Chrome, it reflected this and the server certificate was validated.
But... This week, after a system upgrade both Firefox and Chrome, stopped to reflect this, even after i did all the above process again.
Firefox and Chrome are not using the ca-certificates package? Is there a way to do what i'm trying to do (a central point to manage certificates for all apps, especially browsers)?
And, a last question, is there a way to run a script after a specific package upgrade?
Thanks, --- Eduardo M. Machado
On 29/05/2014 04:30, Eduardo Machado wrote:
But... This week, after a system upgrade both Firefox and Chrome, stopped to reflect this, even after i did all the above process again.
Firefox and Chrome are not using the ca-certificates package? Is there a way to do what i'm trying to do (a central point to manage certificates for all apps, especially browsers)?
Fedora has been working on something close to what you'd want: one place to manage all certificates:
http://fedoraproject.org/wiki/Features/SharedSystemCertificates
I don't know how hard it would be integrate this into Arch Linux.
And, a last question, is there a way to run a script after a specific package upgrade?
I think this has been discussed at some point but this hasn't been implemented yet as far as I remember.
2014-05-29 5:30 GMT-03:00 Timothée Ravier siosm99@gmail.com:
On 29/05/2014 04:30, Eduardo Machado wrote:
But... This week, after a system upgrade both Firefox and Chrome, stopped to reflect this, even after i did all the above process again.
Firefox and Chrome are not using the ca-certificates package? Is there a way to do what i'm trying to do (a central point to manage certificates for all apps, especially browsers)?
Fedora has been working on something close to what you'd want: one place to manage all certificates:
http://fedoraproject.org/wiki/Features/SharedSystemCertificates
I don't know how hard it would be integrate this into Arch Linux.
I will study this so i can help. Anyone already looking into this?
But what was strange for me was that doing the steps i listed above it worked at Arch some months ago...
Do you know where Firefox or Chrome look for this list of CA certs?
And, a last question, is there a way to run a script after a specific package upgrade?
I think this has been discussed at some point but this hasn't been implemented yet as far as I remember.
-- Timothée Ravier
Thanks for the answer.
On 05/30/2014 05:15 AM, Eduardo Machado wrote:
2014-05-29 5:30 GMT-03:00 Timothée Ravier siosm99@gmail.com:
On 29/05/2014 04:30, Eduardo Machado wrote:
But... This week, after a system upgrade both Firefox and Chrome, stopped to reflect this, even after i did all the above process again.
Firefox and Chrome are not using the ca-certificates package? Is there a way to do what i'm trying to do (a central point to manage certificates for all apps, especially browsers)?
Fedora has been working on something close to what you'd want: one place to manage all certificates:
http://fedoraproject.org/wiki/Features/SharedSystemCertificates
I don't know how hard it would be integrate this into Arch Linux.
I will study this so i can help. Anyone already looking into this?
But what was strange for me was that doing the steps i listed above it worked at Arch some months ago...
Do you know where Firefox or Chrome look for this list of CA certs?
Firefox uses certificates from NSS database which is I believe compiled into NSS library (the same file is used to generate most if not all of ca-certificates though). I presume chrome/ium does the same.
And, a last question, is there a way to run a script after a specific package upgrade?
I think this has been discussed at some point but this hasn't been implemented yet as far as I remember.
-- Timothée Ravier
Thanks for the answer.
participants (3)
-
Armin K.
-
Eduardo Machado
-
Timothée Ravier