Custom system wide trusted CA certificate


Ben Tyger

Mar 2, 2022, 6:40:43 PM
to Chromium-discuss
Ello all,
  I'm trying to figure out how to install a custom (internal CA) root CA certificate on my machines for multiple users. I have my wife and 5 kids, so installing them all per user per machine is a bit obnoxious. I looked into the Chromium policies, but I didn't see any way to add trusted CA certs to the trust store. I've also looked into the shared NSS store and I created a /etc/pki/nssdb directory with the trusted CA certificate, but that doesn't seem to work.

Is there a way to get this to work, am I just missing something, or does this feature just not exist?

Rohan Kumar

Mar 2, 2022, 7:37:20 PM
to Ben Tyger, Chromium-discuss
I'd suggest using a tool like mkcert[1] to automate the process. Works
for browser and OS CA stores.

[1]: https://github.com/FiloSottile/mkcert

--
/Seirdy

Hydrian

Mar 2, 2022, 8:05:29 PM
to Rohan Kumar, Chromium-discuss
Looks like mkcert is another CA. I don't need another CA. I need to be able to trust my existing root CA.

Also I can't tell if mkcert is being installed at the user level or system level. 

Pavol Marko

Mar 3, 2022, 4:53:14 AM
to hyd...@gmail.com, Rohan Kumar, Chromium-discuss
Adding trusted CAs through policies is currently only supported on Chrome OS.

This is Linux, right? Which distro?
For Ubuntu, https://ubuntu.com/server/docs/security-trust-store would seem relevant.

Thanks,
Pavol
Hydrian

Mar 4, 2022, 9:45:37 PM
to Pavol Marko, Rohan Kumar, Chromium-discuss
Sorry, guys. A bit of a false alarm. I was using Brave, not true Chromium. Since the codebases are so close, I suspected it would be a Chromium issue. It seems not to be. I started up a fresh Chromium instance and it had my custom Trusted CA that are in /usr/local/share/ca-certificates. 

I'll have to take a look at how Brave looks up those certificates. I have a feeling they broke something when they moved the configuration directory from /etc/chromium to /etc/brave and the way that update-ca-certificates updates the system certificates.
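
A check for the system side of this thread, as an added example that is not part of the original posts: it confirms that a CA file dropped into /usr/local/share/ca-certificates was actually merged into the system bundle, by comparing SHA-256 fingerprints of the PEM blocks. The bundle path /etc/ssl/certs/ca-certificates.crt (assumed Debian/Ubuntu layout), the function names and the sample blocks are assumptions; the samples are constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re
import sys

# Assumed Debian/Ubuntu bundle written by update-ca-certificates.
DEFAULT_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """SHA-256 fingerprints (hex) of every certificate block in pem_text."""
    return {hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(pem_text)}

def missing_from_bundle(ca_pem_text, bundle_pem_text):
    """Fingerprints present in the CA file but absent from the bundle."""
    wanted = fingerprints(ca_pem_text)
    if not wanted:
        # An empty or non-PEM CA file must not pass as "nothing missing".
        raise ValueError("no certificate blocks found in CA file")
    return wanted - fingerprints(bundle_pem_text)

def make_pem(raw):
    """Wrap raw bytes in PEM armor (used only to build the constructed samples)."""
    body = base64.encodebytes(raw).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

# Constructed placeholder blocks, not real certificates.
SAMPLE_CA = make_pem(b"constructed-internal-root")
SAMPLE_BUNDLE_WITHOUT = make_pem(b"constructed-public-root-1")
SAMPLE_BUNDLE_WITH = SAMPLE_BUNDLE_WITHOUT + SAMPLE_CA

def read_text(path):
    with open(path, encoding="utf-8", errors="replace") as handle:
        return handle.read()

if __name__ == "__main__":
    # Usage: script.py CA_FILE [BUNDLE]; with no arguments, run on the samples.
    if len(sys.argv) > 1:
        bundle = sys.argv[2] if len(sys.argv) > 2 else DEFAULT_BUNDLE
        missing = missing_from_bundle(read_text(sys.argv[1]), read_text(bundle))
    else:
        missing = missing_from_bundle(SAMPLE_CA, SAMPLE_BUNDLE_WITHOUT)
    for fp in sorted(missing):
        print("not in bundle:", fp)
    sys.exit(1 if missing else 0)
```

A non-zero exit means the bundle does not contain the CA. The check covers the system bundle only and does not show which store a particular browser reads.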