Home > Software > Security > chromium ssl

Adding a Personal Certificate to Chromium

woody57 - Tue, 08/03/2011 - 12:40 ( wiki )

Personal Certificate and private key for SSL client authentication in Chromium

This workshop seeks to solve the problem of client authentication, particularly when logging into a secure third party mail server or secure website using the Chromium browser.

As many of you are aware when attempting to access a webmail account using any browser the relevant ISP will exchange SSL Certificates with your computer and if your computer does not allow that ISP Certificate a warning will be issued and you have to decide whether to proceed.

This is particularly relevant when using Chromium to obtain mail from a third party webmail server. Chromium only recognises trusted secure certificates and does not recognise SSL certificates from third parties but operates with NSS Certificates. Therefore, there is set out below one way in which Chromium will accept a third party secure Certificate.

The process is as follows:-

Open Firefox, select edit, then preferences,
select advanced (Fig. 1) and then select view certificates from the Encryption tab, (Fig. 2).

Fig. 1_0.preview

Fig. 1


Fig. 2_0_0.preview

Fig. 2

Scroll down the list of certificates until you find the third party server you are interested in eg “mail.soslug.org” which in our case would be under the heading Soslug, and select it. Next select export and append .pem to the generated third party file name e.g. “mail.soslug.org” so the file name looks like this:-

mail.soslug.org.pem (where “mail.soslug.org” will be replaced by the address of the server you are interested in)

and save the file somewhere you can retrieve it easily.

Then install the libnss3-tools package requirement

#> sudo apt-get install libnss3-tools

However, if you cannot find the third party server in the list of certificates, type the server you are looking for into the Firefox browser and press enter. A trusted warning page appears on which you proceed in spite of the warning. A further warning page appears in which you confirm acceptance of the certificate. You can then proceed with the process mentioned above in Firefox.

Now open a new terminal and type (without Bold) and on one line

#> certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "servername.org" -i <path>/servername.org.pem

where <path> is the location of the file you saved above.

Press enter and the terminal will work its magic.

When you next use Chromium to access your third party server you should now have direct access without a warning message about the SSL Certificate.