I tried and they aren't working for me.
I can confirm that DEB install of Chrome can see my certificates after
doing this workaround with my Ansible
- name: Make sure p11-kit is installeed
ansible.builtin.apt:
name:
- p11-kit
- p11-kit-modules
- name: Backup libnssckbi.so
ansible.builtin.copy:
src: /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so
dest: /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so.old
remote_src: true
ignore_errors: true
- name: Delete original libnssckbi.so
ansible.builtin.file:
name: /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so
state: absent
- name: Symlink p11-kit-trust.so to libnssckbi.so
ansible.builtin.file:
src: /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so
dest: /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so
state: link
ignore_errors: true
- name: Create Intermediate certificate
ansible.builtin.copy:
dest: /usr/local/share/ca-certificates/<hidden>_intermediate_ca-chain.crt
content: |
-----BEGIN CERTIFICATE-----
<hidden>
-----END CERTIFICATE-----
mode: '0644'
- name: Create root certificate
ansible.builtin.copy:
dest: /usr/local/share/ca-certificates/<hidden>_root_ca-chain.crt
content: |
-----BEGIN CERTIFICATE-----
<hidden>
-----END CERTIFICATE-----
mode: '0644'
- name: Update certificate store
ansible.builtin.command: /usr/sbin/update-ca-certificates --fresh
register: ubuntu_cert
changed_when: ubuntu_cert.rc != 0
https://forum.snapcraft.io/t/firefox-snap-doesnt-recognize-root-
certificate/37925/24?u=yamiyukisenpai
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1901586
Title:
[snap] CA Certificates from /usr/local/share/ca-certificates are not
used
Status in chromium-browser package in Ubuntu:
Confirmed
Bug description:
We have a company internal CA and placed its root CA certificate in
/usr/local/share/ca-certificates and ran update-ca-certificates. This
always worked for chromium based browsers.
With chromium-browser as snap in Ubuntu 20.04 this seems to not work
any more. Chromium reports invalid certificates as it cannot validate
the chain any more.
PLease make the snap version of Chromium use the certificates from the
system (out of /etc/ssl/certs etc).
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: chromium-browser (not installed)
ProcVersionSignature: Ubuntu 5.4.0-52.57-generic 5.4.65
Uname: Linux 5.4.0-52-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.10
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: XFCE
Date: Mon Oct 26 18:51:29 2020
InstallationDate: Installed on 2020-09-26 (30 days ago)
InstallationMedia: Xubuntu 20.04.1 LTS "Focal Fossa" - Release amd64
(20200731)
SourcePackage: chromium-browser
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1901586/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
