I have a large number of workstations that run RedHat Enterprise Linux 5 and 6. I'd like to deploy our new internal CA (Active Directory) to these machines. I can manually import the certificate into Firefox 10 without any issues, but I can't seem to find where to store the .cer file on the filesystem so that it will be used by FireFox and Google Chrome. Is there a central location for trusted CAs that is used by both of these browsers?
If not, I'd settle for a more-automated way to have FireFox accept my CA.
Stuff I've Tried
- Using the Mozilla-provided
certutil- but this seems to only deal with client-side certificates, unless I am mistaken. - Modifying
/etc/pki/tls/ca-bundle.crtincluded in theca-certificatespackage. Firefox does not appear to honor this file.
For Firefox: FF stores the certificate in the user profile, you have to import the certificate for each profile on each box. For trusted CA's, the certificate should be in PEM format, and imported using the
certutilcommand (available innss-toolspackage on RedHat):You can use this command to list the certificates:
Then, the certificate can be imported using:
See http://www.dzhang.com/blog/2011/01/29/importing-exporting-firefox-certificates-from-command-line for details.
According to the chromium wiki you can use certutil for chromium. I don't know if this will work for the stock chrome too.
With a little bit of scripting it should be possible to automatically deploy your AD certificate authority in this environment.