The Flow of Consciousness

+

I’ve recently begun using Chromium for most of my day-to-day browsing tasks. It recently gained support for Adobe Flash and other plugins. I’ll be excited to when it picks up Java, as well—then I’ll have little reason to use Firefox except for development. I’ve enjoyed watching the daily builds go from a virtually a crash-on-click shell to the wonderfully quick tool I’m using right now to type this post.

However, I’m a CACert user (and assurer!) and have several sites and/or utilities which rely on CACert-issued free SSL certificates.

Chromium on Linux doesn’t have its own certificate management system, but instead uses Mozilla’s Network Security Services (NSS) Public Key Infrastructure (PKI). The LinuxCertManagement article on Chromium’s wiki gives some instructions on how to import certificates.

I’ve reproduced these instructions for Ubuntu with some of my own additions below.

sudo apt-get install libnss3-tools
wget http://www.cacert.org/certs/root.crt
wget http://www.cacert.org/certs/class3.crt
certutil -d sql:$HOME/.pki/nssdb -A -t "TCu,Cu,Tuw" -n "CACert Class 1 Root Certificate" -i root.crt
certutil -d sql:$HOME/.pki/nssdb -A -t "TCu,Cu,Tuw" -n "CACert Class 3 Root Certificate" -i class3.crt
rm root.crt class3.crt

You’ll now be able to log in to sites using CACert SSL certificates without needing to click through the red screen of hate.

Note that as of the daily build for August 11, 2009, it is not yet possible to accept and/or present a certificate for use with certificate login. Hopefully, this won’t be too far off. Fortunately, I don’t use this login style very often.