We do not have any customizations in Chromium, so I assume they are saved in the default location.
When rolling out our clients, we install our internal CA to /etc/univention/ssl/ucsCA/CAcert.pem with a symlink in /usr/local/share /ca-certificates/UCSdomain.crt: 0 lrwxrwxrwx 1 root root 36 Jan 17 2019 UCSdomain.crt -> /etc/univention/ssl/ucsCA/CAcert.pem and then "sudo update-ca-certificates" to include it to Ubuntu's SSL storage. But that was ignored by Chromium since ever. Interestingly, when I want to add our CA to Chromium, an error message pops up, informing me about being unable to install the certificate to Chromium since it's already installed - but I cannot find the certificate in the overview. Interstingly, cert9.db was not updated two days ago when I reproduced the error for the appreport: cd snap/chromium/current/.pki/nssdb insgesamt 69.632 28.672 -rw------- 1 tdenisse Domain Users 28.672 Mai 8 2020 cert9.db 36.864 -rw------- 1 tdenisse Domain Users 36.864 Mai 8 2020 key4.db 4.096 -rw------- 1 tdenisse Domain Users 468 Apr 30 2020 pkcs11.txt I just made a clean re-install of Chromium (uninstalled Debian and snap package, moved ~/snap/chromium to chromium_old, reinstalled Debian and snap package), installed our certificate and now everything works (again). I will keep you updated with the next chromium update through snap. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1905010 Title: [snap] chromium forgets custom root certificates after each update Status in chromium-browser package in Ubuntu: Incomplete Bug description: Running lsb_release -rd Description: Ubuntu 20.04.1 LTS Release: 20.04 with snap list | grep chromium chromium 87.0.4280.66 1411 latest/stable canonical* - each time the snap container gets an update, our own root CA is deleted from the certificate storage, leading to all our internal websites being marked as potentially evil. It would be nice if either snap migrates all data completely from one version to another, or saving custom certificates inside the current-symlink (which does not forget any data stored in there) --- ProblemType: Bug ApportVersion: 2.20.11-0ubuntu27.12 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: ubuntu:GNOME DRM.card0-DP-1: enabled: enabled dpms: On status: connected edid-base64: AP///////wAQrDxBTFFGQS0dAQOANx947u6Vo1RMmSYPUFSlSwBxT6lAgYDRwAEBAQEBAQEBVl4AoKCgKVAwIDUAKTchAAAaAAAA/wAzQzRZUDlCOUFGUUwKAAAA/ABERUxMIFUyNTE4RAogAAAA/QA4TB5aGQAKICAgICAgAaYCAyTxT5AFBAMCBxYBBhESFRMUHyMJHweDAQAAZwMMABAAADICOoAYcTgtQFgsRQApNyEAAB5+OQCggDgfQDAgOgApNyEAABoBHQByUdAeIG4oVQApNyEAAB6/FgCggDgTQDAgOgApNyEAABoAAAAAAAAAAAAAAAAAAAAAAAAAxg== modes: 2560x1440 2048x1080 2048x1080 1920x1080 1920x1080 1920x1080 1920x1080i 1920x1080i 1920x1080 1920x1080i 1600x1200 1280x1024 1280x1024 1152x864 1280x720 1280x720 1280x720 1280x720 1024x768 1024x768 800x600 800x600 720x576 720x576 720x480 720x480 720x480 720x480 640x480 640x480 640x480 640x480 720x400 DRM.card0-DP-2: enabled: disabled dpms: Off status: disconnected edid-base64: modes: DRM.card0-HDMI-A-1: enabled: disabled dpms: Off status: disconnected edid-base64: modes: DRM.card0-HDMI-A-2: enabled: disabled dpms: Off status: disconnected edid-base64: modes: DRM.card0-eDP-1: enabled: disabled dpms: Off status: connected edid-base64: AP///////wANrskUAAAAAAgaAQSVHxF4Aihll1lUjiceUFQAAAABAQEBAQEBAQEBAQEBAQEBtDuASnE4NEBQPGgANa0QAAAYAAAA/gBOMTQwSENBLUVBQgogAAAA/gBDTU4KICAgICAgICAgAAAA/gBOMTQwSENBLUVBQgogAD4= modes: 1920x1080 DiskUsage: Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/ubuntu--vg-root ext4 232G 108G 113G 49% / tmpfs tmpfs 7,8G 134M 7,6G 2% /dev/shm /dev/mapper/ubuntu--vg-root ext4 232G 108G 113G 49% / DistroRelease: Ubuntu 20.04 InstallationDate: Installed on 2019-01-17 (675 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) MachineType: LENOVO 20LS001AGE Package: chromium-browser 1:85.0.4183.83-0ubuntu0.20.04.2 PackageArchitecture: amd64 ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.4.0-54-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=7 ProcVersionSignature: Ubuntu 5.4.0-54.60-generic 5.4.65 Snap.Changes: ID Status Spawn Ready Summary 186 Done 2020-11-23T10:48:28+01:00 2020-11-23T10:48:31+01:00 "chromium" Snap wiederherstellen 187 Done 2020-11-23T10:49:18+01:00 2020-11-23T10:49:21+01:00 "chromium" Snap auffrischen Snap.ChromeDriverVersion: ChromeDriver 87.0.4280.66 (fd98a29dd59b36f71e4741332c9ad5bda42094bf-refs/branch-heads/4280@{#1432}) Snap.ChromiumVersion: Chromium 87.0.4280.66 snap Tags: focal snap Uname: Linux 5.4.0-54-generic x86_64 UpgradeStatus: Upgraded to focal on 2020-04-28 (208 days ago) UserGroups: dialout lpadmin sambashare sudo wireshark _MarkForUpload: True dmi.bios.date: 12/18/2019 dmi.bios.vendor: LENOVO dmi.bios.version: R0QET60W (1.37 ) dmi.board.asset.tag: Not Available dmi.board.name: 20LS001AGE dmi.board.vendor: LENOVO dmi.board.version: SDK0J40697 WIN dmi.chassis.asset.tag: No Asset Information dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: None dmi.modalias: dmi:bvnLENOVO:bvrR0QET60W(1.37):bd12/18/2019:svnLENOVO:pn20LS001AGE:pvrThinkPadL480:rvnLENOVO:rn20LS001AGE:rvrSDK0J40697WIN:cvnLENOVO:ct10:cvrNone: dmi.product.family: ThinkPad L480 dmi.product.name: 20LS001AGE dmi.product.sku: LENOVO_MT_20LS_BU_Think_FM_ThinkPad L480 dmi.product.version: ThinkPad L480 dmi.sys.vendor: LENOVO To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1905010/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp