how to import a self signed CA (root) ssl certificate into google chrome on linux
to import a self-signed CA ssl certificate into the linux version of google chrome, use the tool, certutil. on ubuntu (hence, probably debian), it is contained in the package, libnss3-tools.
chrome expects to find the certificate database in ~/.pki/nssdb. create, if needed:
[ -d ~/.pki/nssdb ] || mkdir -p ~/.pki/nssdb
import the ca cert with certutil:
certutil -d sql:$HOME/.pki/nssdb -A -n 'example.com cert authority' -i example.com.root.cert -t TCP,TCP,TCP
-
the directory parameter needs the sql: prepended or chrome won’t see the cert
-
i chose very generous trust values because i control my CA cert, i trust myself, and i was lazy. you probably want to tighten up those values.
the server certificate can be added in a similar manner:
certutil -d sql:$HOME/.pki/nssdb -A -n 'example.com' -i example.com.cert -t P,P,P