导入证书 | shiyiLiu

一、ubuntu系统导入证书
1.假设证书为 my.crt,将证书拷贝至/usr/local/share/ca-certificates
2.执行命令 update-ca-certificates 即可

这种方法只适用于对curl 和get 等命令，但是对chrome，firefox等浏览器并不生效
二、采用certutil证书导入工具为当前用户导入证书 ,证书所在目录~/.pki/nssdb
sudo apt install libnss3-tools //安装导入证书工具
编写导入证书脚本

点击(此处)折叠或打开

#!/bin/bash
### Script installs root.cert.pem to certificate trust store of applications using NSS
### (e.g. Firefox, Thunderbird, Chromium)
### Mozilla uses cert8, Chromium and Chrome use cert9
###
### Requirement: apt install libnss3-tools
###
###
### CA file to install (
###
certfile="root.crt"
certname="My Root CA"
###
### For cert8 (legacy - DBM)
###
for certDB in $(find ~/ -name "cert8.db")
do
certdir=$(dirname ${certDB});
certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i ${certfile} -d dbm:${certdir}
done
###
### For cert9 (SQL)
###
for certDB in $(find ~/ -name "cert9.db")
do
certdir=$(dirname ${certDB});
certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i ${certfile} -d sql:${certdir}
done

Web browsers like Firefox, Chromium, Google Chrome, Vivaldi and even e-mail clients like Mozilla Thunderbird don’t make use of the OS trust store, but use their own certificate trust store. These trust stores are files in the user directory, named “cert8.db” and “cert9.db” (for newer versions). You can modify the trust store files by using the “certutil” tool
三、ubuntu系统下chrome浏览器导入证书：

打开chrome浏览器设置---高级---隐私设置和安全性---管理证书---授权中心---导入

导入证书-LMLPHP