We do not have any customizations in Chromium, so I assume they are saved in the default location.
When rolling out our clients, we install our internal CA to /etc/univention/ssl/ucsCA/CAcert.pem with a symlink in /usr/local/share /ca-certificates/UCSdomain.crt: 0 lrwxrwxrwx 1 root root 36 Jan 17 2019 UCSdomain.crt -> /etc/univention/ssl/ucsCA/CAcert.pem and then "sudo update-ca-certificates" to include it to Ubuntu's SSL storage. But that was ignored by Chromium since ever. Interestingly, when I want to add our CA to Chromium, an error message pops up, informing me about being unable to install the certificate to Chromium since it's already installed - but I cannot find the certificate in the overview. Interstingly, cert9.db was not updated two days ago when I reproduced the error for the appreport: cd snap/chromium/current/.pki/nssdb insgesamt 69.632 28.672 -rw------- 1 tdenisse Domain Users 28.672 Mai 8 2020 cert9.db 36.864 -rw------- 1 tdenisse Domain Users 36.864 Mai 8 2020 key4.db 4.096 -rw------- 1 tdenisse Domain Users 468 Apr 30 2020 pkcs11.txt I just made a clean re-install of Chromium (uninstalled Debian and snap package, moved ~/snap/chromium to chromium_old, reinstalled Debian and snap package), installed our certificate and now everything works (again). I will keep you updated with the next chromium update through snap. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905010 Title: [snap] chromium forgets custom root certificates after each update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1905010/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
