
@legioz
Last active March 25, 2021 20:43
Institutional Certificates Applied to Linux, Containers and Python Virtual Environment

Institutional Certificates Applied to Linux Apps and Python Virtual Environment

#!/bin/bash

### Script installs the CA certificate in ${certfile} into the certificate trust store
### of applications using NSS (e.g. Firefox, Thunderbird, Chromium)
### Mozilla uses cert8, Chromium and Chrome use cert9

###
### Requirement: apt install libnss3-tools
###


###
### CA file to install (CUSTOMIZE!)
###

certfile="institutional-ca.pem"
certname="Institutional CA"

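### Trust flags are "SSL,S/MIME,object signing"; "C,," trusts the CA for TLS server certificates only
certutil -d "sql:$HOME/.pki/nssdb" -A -t "C,," -n "${certname}" -i "${certfile}"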


###
### For cert8 (legacy - DBM)
###

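### -print0 with read -d '' keeps profile paths that contain spaces intact
find "$HOME" -name "cert8.db" -print0 | while IFS= read -r -d '' certDB
do
    certdir=$(dirname "${certDB}")
    certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i "${certfile}" -d "dbm:${certdir}"
done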


###
### For cert9 (SQL)
###

find "$HOME" -name "cert9.db" -print0 | while IFS= read -r -d '' certDB
do
    certdir=$(dirname "${certDB}")
    certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i "${certfile}" -d "sql:${certdir}"
done

For Python dependencies, append the CA to the certifi bundle inside the virtualenv path, as in the example below:

cat institution-certificate.pem >> venv/lib/python3.9/site-packages/certifi/cacert.pem
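
An idempotent variant of the append above, as an added example that is not part of the original gist: it refuses input that contains a private key or more than one certificate, skips the append when the CA is already in the bundle, and keeps a backup of the bundle. The function names `pem_bodies` and `append_ca_once` and the return codes are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not part of the original gist. Function names are assumptions.

# Print the base64 body of every certificate in a PEM file, one per line.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { body = ""; inside = 1; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# append_ca_once CA_FILE BUNDLE
# Returns 0 = appended, 3 = already present, 1 = I/O problem, 2 = input rejected.
# Usage after sourcing this file:
#   append_ca_once institution-certificate.pem venv/lib/python3.9/site-packages/certifi/cacert.pem
append_ca_once() {
    local ca="$1" bundle="$2" body
    if [ ! -r "$ca" ] || [ ! -w "$bundle" ]; then
        echo "cannot read $ca or write $bundle" >&2; return 1
    fi
    # A private key must never be copied into a readable trust bundle.
    if grep -q -- 'PRIVATE KEY-----' "$ca"; then
        echo "refusing: $ca contains a private key" >&2; return 2
    fi
    # Require exactly one certificate so no extra chain member becomes trusted.
    body=$(pem_bodies "$ca")
    if [ -z "$body" ] || [ "$(pem_bodies "$ca" | wc -l)" -ne 1 ]; then
        echo "refusing: $ca must hold exactly one certificate" >&2; return 2
    fi
    # Compare normalized bodies, so re-running never duplicates the entry.
    if pem_bodies "$bundle" | grep -qxF -- "$body"; then
        return 3
    fi
    cp -p -- "$bundle" "$bundle.bak"    # pre-change copy for rollback
    { echo; echo "# Institutional CA (added locally)"; cat -- "$ca"; } >> "$bundle"
}
```

Upgrading or reinstalling certifi replaces cacert.pem, so the append has to be repeated afterwards.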

Update Linux Certificates (also required inside containers when they are being used)

# update-ca-certificates only picks up PEM files with a .crt extension
sudo mv institutional-ca.crt /usr/local/share/ca-certificates/institutional-ca.crt
sudo update-ca-certificates
# On Debian-based distros you can also use the interactive mode:
sudo dpkg-reconfigure ca-certificates

;) NO MORE GOHORSE ROUTING WIFI FROM MOBILE TO DESKTOP
