On 10.09.2016 18:05, Enrico Zini wrote: > I manually generated a new certificate with sso.debian.org, then > combined them into a PEM: > > cat enrico.crt enrico.key > enrico.pem > > I then tried to import them into chromium using certutil: > > certutil -d sql:/home/enrico/.pki/nssdb -A -i enrico.pem -n > sso.debian.org -t u -u C > > But the certificate shows up in chrome://settings/certificates under > "Other" instead of "Your Certificates". > > I could not find any combination of -t and -u that would make the > certificate show up in the right place. > > Is there a way to do it automatically with certutil? If so, The process > of enrolling with chrome could be easily scripted.
Did you try pk12util with a PKCS#12 file (bundle of key and certificate) already? (-d, -i as above, and -W for the password of the PKCS#12 file, which can be the empty string.) Probably something like "openssl pkcs12 -export -inkey enrico.key -in enrico.crt -name enrico -out enrico.p12" and something for the password to generate the PKCS#12 blob. Kind regards Philipp Kern
signature.asc
Description: OpenPGP digital signature
