Linux Google-chrome Import Certificate

Google-chrome for Linux uses a third-party tool for certificate verification to "do not duplicate the wheel.

The method is as follows:

Prerequisites: Install a third-party certificate management tool:
Yum install nss-Tools

1. Export the CA certificate from the HTTPS website. For details, refer:
Http://blog.avirtualhome.com/2010/02/02/adding-ssl-certificates-to-google-chrome-linux-ubuntu/

Taking into account some bad English students, I would like to briefly explain, for example, there is an HTTPS website name www.abc.com, first save the following content to a script named import-cert.sh:
---------- Import-cert.sh -------------
#! /Bin/sh
#
# Usage: import-cert.sh remote. Host. name [port]
#
Remhost = $1
Remport =$ {2:-443}
Exec 6> & 1
Exec> $ remhost
Echo | OpenSSL s_client-connect $ {remhost }:: {remport} 2> & 1 | sed-ne '/-begin Certificate-/,/-end Certificate-/P'
Certutil-d SQL: $ home/. PKI/nssdb-a-t TC-n "$ remhost"-I $ remhost
Exec 1> & 6 6> &-
---------- Import-cert.sh -------------

Then use this export script to export the CA certificate (a CA certificate with the same name as www.abc.com will be obtained ):
Import-cert.sh www.abc.com [port]

2. Import the certificate to a third-party Certificate database:
Certutil-d SQL: $ home/. PKI/nssdb-a-t TC-n "ca-name"-I www.abc.com

Third, for the OA system of the interconnected company, there is usually a private certificate, which is imported into a third-party Certificate database:
First, find a way to export the certificate from IE (export method reference: http://orzl.com/weblog/export-cer-with-jailbreak), assuming the Certificate Name Is privatekey. pfx, the import method is:
Pk12util-d SQL: $ home/. PKI/nssdb-I privatekey. pfx

4. Start Chrome with the auto-SSL-client-auth option:
Google-chrome -- auto-SSL-client-auth

Note: after Google Chrome 7.0.517.41, you can directly start it.