Windows 10 reached EOS (end of support) on October 14, 2025. If you are on Windows 10, see this article.

Avatar for Username

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

话题已关闭并存档。 如果需要帮助请提出新问题。

Installing root CA certificates

  • 3 个回答
  • 0 人有此问题
  • 1912 次查看
  • 最后回复者为 SuMo Bot

SuMo Bot
SuMo Bot

I'm stetting up a testing environment. It's a closed environment with no access to the Internet when it's in use.

The environment is launched from AWS and consists of an Ubuntu 18 desktop and a Ubuntu Server running Apache. The desktop is able to successfully load the website, but with a cert error that the certificate isn't trusted.

When the Ubuntu Desktop launches, it has a fresh install of Firefox, and therefore all the directories in the users home folder are not yet setup for Firefox, including the database where the root CAs are stored.

I'm am able to add the Root CA certificate into the Firefox cert database AFTER the machine fully boots and I run Firefox for the first time. I'm using the 'certutil' package to do this. After I load Firefox, then add the root CA certificate using certutil, I'm able to load the website without error.

I need to add this certificate to the database with the startup shell script for the machine.

Any help is greatly appreciated. Here's the commands I'm using:

  1. copy the CA cert into firefox

export ffcerts=`ls /home/testuser/.mozilla/firefox/ | grep default-release` sudo certutil -A -n "testcert" -t "TC,," -i /home/testuser/certificates/testcertCA.pem -d sql:/home/testuser/.mozilla/firefox/$ffcerts

These commands work perfectly after Firefox is run for the first time. I've even tried adding 'Firefox' (with several different switches) into my startup script without success.

I'm stetting up a testing environment. It's a closed environment with no access to the Internet when it's in use. The environment is launched from AWS and consists of an Ubuntu 18 desktop and a Ubuntu Server running Apache. The desktop is able to successfully load the website, but with a cert error that the certificate isn't trusted. When the Ubuntu Desktop launches, it has a fresh install of Firefox, and therefore all the directories in the users home folder are not yet setup for Firefox, including the database where the root CAs are stored. I'm am able to add the Root CA certificate into the Firefox cert database AFTER the machine fully boots and I run Firefox for the first time. I'm using the 'certutil' package to do this. After I load Firefox, then add the root CA certificate using certutil, I'm able to load the website without error. I need to add this certificate to the database with the startup shell script for the machine. Any help is greatly appreciated. Here's the commands I'm using: #copy the CA cert into firefox export ffcerts=`ls /home/testuser/.mozilla/firefox/ | grep default-release` sudo certutil -A -n "testcert" -t "TC,," -i /home/testuser/certificates/testcertCA.pem -d sql:/home/testuser/.mozilla/firefox/$ffcerts These commands work perfectly after Firefox is run for the first time. I've even tried adding 'Firefox' (with several different switches) into my startup script without success.

被采纳的解决方案

Thank you very much.

I'm generally a network engineer and not a sys-admin nor developer. I notice this is not so much a guide, but a detailed reference for an experienced user.

I'll do my best to make sense of it, and do some searches to see if I can learn how to apply this correctly. If there is a guide on how to implement this, I'd be very grateful.

定位到答案原位置 👍 1

所有回复 (4)

cor-el
cor-el

There is a policy available to install a certificate.

SuMo Bot
SuMo Bot 提问者

选择的解决方案

Thank you very much.

I'm generally a network engineer and not a sys-admin nor developer. I notice this is not so much a guide, but a detailed reference for an experienced user.

I'll do my best to make sense of it, and do some searches to see if I can learn how to apply this correctly. If there is a guide on how to implement this, I'd be very grateful.

SuMo Bot
SuMo Bot 提问者

Thanks. After parsing through the information I was able to successfully add my certificate.

thank you.

SuMo Bot
SuMo Bot 提问者

This question has been locked because the original author has deleted their account. While you can no longer post new replies, the existing content remains available for reference.