
WebDriver, Chrome on Ubuntu add Certificate Authority from CLI


I'm working on an application that uses Chrome and ChromeDriver (WebDriver) on Ubuntu.

My application uses a proxy to tunnel the traffic from the browser, and to support SSL the proxy uses a self-signed certificate with its own Certificate Authority.

I know that I can add the CA to Ubuntu itself (/usr/local/share/ca-certificates/ + sudo update-ca-certificates) which makes e.g. curl work with my custom certificate.

I can also open Chrome, go to Settings -> Privacy and security -> Security -> Manage certificates, and add my custom CA certificate here, which works.

But I would like to automate this so that I can create a script that adds my CA-cert to Chrome.

How would I do that?


Solution

  • I continued my research and it turns out that Thomas Leister had the same problem and found that Chrome (and Firefox as well) use their own CA store.

    He even provided a script to install the cert in a simple way:

    First make sure libnss3-tools is installed

    sudo apt install libnss3-tools
    

    Then use this script:

    #!/bin/bash
    
    ### Script installs root.cert.pem to certificate trust store of applications using NSS
    ### (e.g. Firefox, Thunderbird, Chromium)
    ### Mozilla uses cert8, Chromium and Chrome use cert9
    
    ###
    ### Requirement: apt install libnss3-tools
    ###
    
    
    ###
    ### CA file to install (CUSTOMIZE!)
    ###
    
    certfile="root.cert.pem"
    certname="My Root CA"
    
    
    ###
    ### For cert8 (legacy - DBM)
    ###
    
    find ~/ -name "cert8.db" -print0 | while IFS= read -r -d '' certDB
    do
        # Quote every expansion so profile paths containing spaces survive
        certdir=$(dirname "${certDB}")
        certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i "${certfile}" -d "dbm:${certdir}"
    done
    
    
    ###
    ### For cert9 (SQL)
    ###
    
    find ~/ -name "cert9.db" -print0 | while IFS= read -r -d '' certDB
    do
        # Quote every expansion so profile paths containing spaces survive
        certdir=$(dirname "${certDB}")
        certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i "${certfile}" -d "sql:${certdir}"
    done
    

    https://thomas-leister.de/en/how-to-import-ca-root-certificate/
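
The script above adds the CA to every NSS database under the home directory with trust set in all three fields. As an added example (not part of the original answer or of Thomas Leister's script), the following audits what each database now trusts for TLS and flags entries that are also trusted for e-mail or code signing. The function names, the `--scan` switch, the file name `audit-nss.sh` and the sample listing are constructed for illustration.

```shell
#!/bin/bash
# Added example: audit which CAs an NSS database trusts for TLS.
# Trust string layout is SSL,S/MIME,object-signing (as in the certutil -L header).

# Constructed sample of `certutil -L -d sql:<dir>` output (not from a real system).
sample_listing() {
cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

My Root CA                                                   TCu,Cu,Tu
Constructed Proxy CA                                         C,,
constructed-leaf.example                                     ,,
EOF
}

# Read a certutil -L listing on stdin and print "nickname|flags|scope" for each
# entry whose SSL field carries C (CA for server certs) or T (CA for client certs).
trusted_cas() {
    awk 'NF >= 2 && $NF ~ /^[a-zA-Z]*,[a-zA-Z]*,[a-zA-Z]*$/ {
        flags = $NF; nick = $0
        sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)    # strip the flags column
        split(flags, f, ",")
        if (f[1] !~ /[CT]/) next                  # not a TLS trust anchor
        # A TLS-intercepting proxy CA needs only the SSL field set.
        scope = (f[2] != "" || f[3] != "") ? "also-email-or-code-signing" : "tls-only"
        print nick "|" flags "|" scope
    }'
}

# Walk every cert9.db under $HOME (the same set the install script touches).
audit_home() {
    command -v certutil >/dev/null || { echo "certutil not found" >&2; return 1; }
    find "$HOME" -name cert9.db -print0 | while IFS= read -r -d '' db; do
        dir=$(dirname "$db")
        certutil -L -d "sql:${dir}" | trusted_cas | while IFS= read -r line; do
            printf '%s: %s\n' "$dir" "$line"
        done
    done
}

# Run the real scan only when asked: ./audit-nss.sh --scan
if [ "${1:-}" = "--scan" ]; then audit_home; fi
```

An entry that is no longer needed can be removed from a database with `certutil -D -d sql:<dir> -n "<nickname>"`.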