Installing root CA certificates
I'm stetting up a testing environment. It's a closed environment with no access to the Internet when it's in use. The environment is launched from AWS and consists of a… (read more)
I'm stetting up a testing environment. It's a closed environment with no access to the Internet when it's in use.
The environment is launched from AWS and consists of an Ubuntu 18 desktop and a Ubuntu Server running Apache. The desktop is able to successfully load the website, but with a cert error that the certificate isn't trusted.
When the Ubuntu Desktop launches, it has a fresh install of Firefox, and therefore all the directories in the users home folder are not yet setup for Firefox, including the database where the root CAs are stored.
I'm am able to add the Root CA certificate into the Firefox cert database AFTER the machine fully boots and I run Firefox for the first time. I'm using the 'certutil' package to do this. After I load Firefox, then add the root CA certificate using certutil, I'm able to load the website without error.
I need to add this certificate to the database with the startup shell script for the machine.
Any help is greatly appreciated. Here's the commands I'm using:
- copy the CA cert into firefox
export ffcerts=`ls /home/testuser/.mozilla/firefox/ | grep default-release` sudo certutil -A -n "testcert" -t "TC,," -i /home/testuser/certificates/testcertCA.pem -d sql:/home/testuser/.mozilla/firefox/$ffcerts
These commands work perfectly after Firefox is run for the first time. I've even tried adding 'Firefox' (with several different switches) into my startup script without success.