Gerowen Posted October 1, 2011 Share Posted October 1, 2011 Not sure how many of you this will apply to. Many of you may notice that, if you run Linux and use Google Chrome, you get prompted to "Proceed Anyway" any time you try to go to a DoD site, and some of them won't open at all. I've tried various methods of importing the certificates using Google Chrome and it never worked. The way I managed to get it to work was to use certutil to import the certificates into your personal PKI store so that not only Google Chrome, but other applications have trusted access to the root certificates. I read about it on this web-page. I wrote a short bash script to automate the process for you, and thought I would share with you guys. Download the Script Here Here's the source code of it if you just want to run the commands yourself: #!/bin/bash #DoD Root Certificate Installer Version 1 #Downloads and installs the DoD root certificates so browsers like Google Chrome can open and use DoD sites without bugging the hell out of you. #Written for use on a Debian system. If you're not using Debian the commands are still relevant, just make sure you have the program certutil available, and remove the part that installs libnss3-tools #Marcus Dean Adams (marcusdean.adams@gmail.com) 30 September 2011 #Makes sure the script is running as a normal user, so the certificates will get imported into their personal certificate store, and not the one for the root account. if [[ $EUID = 0 ]]; then echo "This script must be run as your normal user account, if you REALLY want to import these certs as root, just edit this script and remove this whole section." 1>&2 exit 1 fi #Installs libnss3-tools on Debian based systems; this package provides the certutil functionality. echo "Installing pre-requisite..." echo "" su-to-root -c "apt-get -y install libnss3-tools" #This makes a temporary folder in the $HOME of the current user named .dodcerts, downloads the certificates to there, installs them, then removes the folder. echo "Downloading and installing certificates..." mkdir $HOME/.dodcerts cd $HOME/.dodcerts wget http://dodpki.c3pki.chamb.disa.mil/rel3_dodroot_2048.p7b wget http://dodpki.c3pki.chamb.disa.mil/dodeca.p7b wget http://dodpki.c3pki.chamb.disa.mil/dodeca2.p7b for n in *.p7b; do certutil -d sql:$HOME/.pki/nssdb -A -t TC -n $n -i $n; done rm -rf $HOME/.dodcerts #Exits properly. exit Link to comment https://www.neowin.net/forum/topic/1029370-dod-root-certificate-installation-in-linux/ Share on other sites More sharing options...
Recommended Posts