WebDriver, Chome on Ubuntu add Certificate Authority from CLI

Question

I'm working on an application that uses Chrome and ChromeDriver (WebDriver) on Ubuntu.

My application uses a proxy to tunnel the traffic from the browser and to support SSL the proxy uses a self-signed certificate with its own Certificate Authority.

I know that I can add the CA to Ubuntu itself (/usr/local/share/ca-certificates/ + sudo update-ca-certificates) which makes e.g. curl work with my custom certificate.

I can also open Chrome, go to Settings -> Privacy and security -> Security -> Manage certificates, and add my custom CA-certificate here which works.

But I would like to automate this so that I can create a script that adds my CA-cert to Chrome.

How would I do that?

Answer 1

I continued my research and it turns out that Thomas Leister had the same problem and found that Chrome (and Firefox as well) uses their own CA-store.

He even provided a script to install the cert in a simple way:

First make sure libnss3-tools is installed

sudo apt install libnss3-tools

Then use this script:

#!/bin/bash

### Script installs root.cert.pem to certificate trust store of applications using NSS
### (e.g. Firefox, Thunderbird, Chromium)
### Mozilla uses cert8, Chromium and Chrome use cert9

###
### Requirement: apt install libnss3-tools
###


###
### CA file to install (CUSTOMIZE!)
###

certfile="root.cert.pem"
certname="My Root CA"


###
### For cert8 (legacy - DBM)
###

for certDB in $(find ~/ -name "cert8.db")
do
    certdir=$(dirname ${certDB});
    certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i ${certfile} -d dbm:${certdir}
done


###
### For cert9 (SQL)
###

for certDB in $(find ~/ -name "cert9.db")
do
    certdir=$(dirname ${certDB});
    certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i ${certfile} -d sql:${certdir}
done

https://thomas-leister.de/en/how-to-import-ca-root-certificate/