Так как в хромиуме нет встроенного менеджера сертификатов, пришлось написать небольшой скрипт для автоматизации добавления, просмотра и удаления сертификатов, чтобы не возиться руками с certutil.
#!/bin/sh
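# Print an error message to stderr and terminate the script.
# Arguments: $1 - message text, printed after the "ERROR: " prefix
# Returns:   never returns; exits with status 1
die() {
  # Callers embed user-supplied text (URLs, nicknames, paths) in the message.
  # A fixed printf format prints it literally, whereas echo may expand
  # backslash escapes depending on which shell provides /bin/sh.
  printf 'ERROR: %s\n' "$1" >&2
  exit 1
}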
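# Locate a required program and print how the shell resolves it.
# Arguments: $1 - program name
# Outputs:   for an external program, its path as found through PATH
# Returns:   0 when the program is found; otherwise calls die
findExec() {
  # command -v is the POSIX lookup and needs no external which(1) binary.
  # The result is later executed against the user's certificate trust store,
  # so the lookup is only as trustworthy as the PATH the script runs with.
  command -v "$1" 2>/dev/null || die "$1 not found"
}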
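# Print a minimal HTTP/1.1 HEAD request for the given host.
# Arguments: $1 - value for the Host header
# Outputs:   the request on stdout, terminated by an empty line
printHTTPRequest() {
  # HTTP/1.1 header lines end in CRLF; a bare LF is tolerated by many
  # servers but is not what the protocol specifies.
  # The host is passed as a printf argument, never as part of the format.
  printf 'HEAD / HTTP/1.1\r\nHost: %s\r\nConnection: Close\r\n\r\n' "${1}"
}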
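# Read a certificate from standard input and store it in the NSS DB,
# creating the database first when it does not exist yet.
# Globals:   NSSDB_PATH, E_MKDIR, E_CERTUTIL (read)
# Arguments: $1 - nickname to store the certificate under
# Outputs:   progress messages on stdout
# Returns:   0 on success; calls die when a step fails
addCertificate() {
  # Tool paths are quoted so that a path containing spaces still runs.
  if [ ! -e "${NSSDB_PATH}" ]; then
    printf '%s\n' "Creating new NSS DB in '${NSSDB_PATH}'..."
    "$E_MKDIR" -p "${NSSDB_PATH}" ||
      die "Can't create directory '${NSSDB_PATH}'."
    # -f names the password file; /dev/null is empty, so presumably the
    # database is created with an empty password and no prompt.
    "$E_CERTUTIL" -d "sql:${NSSDB_PATH}" -N -f /dev/null 2>/dev/null ||
      die "Can't create NSS database."
  fi

  # Trust flags 'C,,' mark the certificate as a trusted CA for issuing TLS
  # server certificates. If the imported certificate is itself a CA
  # certificate, everything it signs becomes trusted as well, so import only
  # certificates whose origin has been verified.
  # NOTE(review): for one self-signed server certificate certutil also has
  # the narrower peer trust 'P,,' - consider whether CA trust is needed.
  "$E_CERTUTIL" -d "sql:${NSSDB_PATH}" -A -t 'C,,' -n "${1}" ||
    die "Can't add certificate."
  printf '%s\n' "New certificate '${1}' successfully added to NSS DB!"
}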
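# Fetch the TLS certificate presented by a web server and add it to the
# NSS DB under the host name.
# Globals:   E_SED, E_CUT (read)
# Arguments: $1 - host, host:port or https:// URL
# Outputs:   progress messages, certificate subject and SHA-256 fingerprint
# Returns:   status of the final add step; calls die on earlier failures
#
# The connection is not authenticated: s_client is used only to obtain
# whatever certificate the peer presents, so the certificate is trusted on
# first use. Anyone able to intercept this one connection can have their own
# certificate stored as trusted. The subject and fingerprint are printed so
# they can be compared with values obtained over an independent channel; a
# wrong entry can be removed again with the 'd' command.
addCertificateFromWeb() {
  local h p
  local cert

  # openssl is the only tool not resolved at start-up; report its absence
  # clearly instead of as a failed certificate request.
  command -v openssl >/dev/null 2>&1 || die "openssl not found"

  # Parse URL: drop an optional https:// prefix and any path, then split
  # the remaining host[:port].
  h=$(printf '%s\n' "${1}" |
    "$E_SED" -n 's,^\(\(https://\)\|\)\([^/]*\).*$,\3,p')
  # The appended ':' guarantees cut finds a second field when no port is set.
  p=$(printf '%s\n' "${h}:" | "$E_CUT" -d ':' -f 2)
  h=$(printf '%s\n' "${h}" | "$E_CUT" -d ':' -f 1)
  p=${p:-443}
  [ -n "${h}" ] || die "Invalid URL: '${1}'."

  # Get certificate. The HTTP request only gives s_client some input so that
  # it completes the handshake and exits.
  # NOTE(review): OpenSSL releases before 1.1.1 send no SNI unless
  # -servername is given, so a name-based virtual host may answer with its
  # default certificate - check the subject printed below.
  printf '%s\n' "Requesting certificate from ${h}:${p}..."
  cert=$(printHTTPRequest "${h}" |
    openssl s_client -connect "${h}:${p}" 2>/dev/null) ||
    die "Can't get certificate."

  # Show what is about to be trusted, and stop if no certificate came back.
  printf '%s\n' "${cert}" |
    openssl x509 -noout -subject -fingerprint -sha256 ||
    die "No certificate found in server response."

  # Add certificate to NSS DB.
  printf '%s\n' "${cert}" | addCertificate "${h}"
}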
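# Add a certificate stored in a file to the NSS DB; the file's base name is
# used as the certificate nickname.
# Globals:   E_BASENAME (read)
# Arguments: $1 - path to the certificate file
# Returns:   status of addCertificate; calls die when the file is unreadable
addCertificateFromFile() {
  local name

  # Fail with a clear message instead of handing empty input to certutil.
  [ -r "${1}" ] || die "Can't read certificate file '${1}'."
  name=$("$E_BASENAME" "${1}")
  # Redirect the file directly; no cat process is needed.
  addCertificate "${name}" <"${1}"
}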
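# List all certificates in the NSS DB.
# Globals: NSSDB_PATH, E_CERTUTIL (read)
# Outputs: certutil's listing on stdout
# Returns: 0 on success; calls die when certutil fails
listCertificates() {
  # Quoted so that a tool path containing spaces is run as one word.
  "$E_CERTUTIL" -d "sql:${NSSDB_PATH}" -L || die "Can't list certificates."
}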
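# Delete a certificate from the NSS DB.
# Globals:   NSSDB_PATH, E_CERTUTIL (read)
# Arguments: $1 - nickname of the certificate to remove
# Outputs:   confirmation message on stdout
# Returns:   0 on success; calls die when certutil fails
deleteCertificate() {
  # Quoted so that a tool path containing spaces is run as one word.
  # The error text now closes the quote before the full stop, so the
  # nickname is shown exactly as given.
  "$E_CERTUTIL" -d "sql:${NSSDB_PATH}" -D -n "${1}" ||
    die "Can't delete certificate '${1}'."
  printf '%s\n' "Certificate '${1}' successfully deleted from NSS DB!"
}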
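# Find path to NSS DB: the per-user database under ~/.pki/nssdb.
[ -n "${HOME}" ] || die 'HOME environment variable not defined'
NSSDB_PATH="${HOME}/.pki/nssdb/"

# Find required programs.
# findExec reports a missing tool through die, but inside $( ) die only ends
# the substitution's subshell. The explicit "|| exit 1" stops the script
# itself, so it never continues with an empty tool path.
findExec 'which' >/dev/null
E_MKDIR=$(findExec 'mkdir') || exit 1
# Prefer certutil and fall back to the alternative name nsscertutil.
# command -v is the POSIX lookup and prints nothing on a miss.
if command -v 'certutil' >/dev/null 2>&1; then
  E_CERTUTIL=$(findExec 'certutil') || exit 1
else
  E_CERTUTIL=$(findExec 'nsscertutil') || exit 1
fi
E_SED=$(findExec 'sed') || exit 1
E_CUT=$(findExec 'cut') || exit 1
E_BASENAME=$(findExec 'basename') || exit 1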
# Dispatch on the number of arguments:
#   none          - list certificates
#   <url>         - fetch the certificate from a web server and add it
#   f <file>      - add the certificate from a file
#   d <nickname>  - delete the certificate with that nickname
case $# in
  0)
    listCertificates
    ;;
  1)
    addCertificateFromWeb "${1}"
    ;;
  2)
    case "${1}" in
      f) addCertificateFromFile "${2}" ;;
      d) deleteCertificate "${2}" ;;
      *) die 'Invalid command line.' ;;
    esac
    ;;
  *)
    die 'Invalid command line.'
    ;;
esac
- chrcert - вывести список сертификатов.
- chrcert example.org - получить SSL-сертификат с веб-сервера и добавить его; можно указывать полный URL
- chrcert f /path/to/certificate.crt - добавить сертификат из файла
- chrcert d name - удалить сертификат с именем name
Если вы нашли в скрипте какой-то баг или хотите предложить улучшение - пишите =).