--- /dev/null
+<p>So, you want to run Chrome (or Chromium), but you're annoyed by the lack of
+client certificate authentication on Linux. Turns out, this is relatively easy
+to solve, there's just no UI for it as of yet. (As of 11/13/2009.) (Note: I'm doing this running the daily build from the chromium-daily ppa on Launchpad - you can add deb http://ppa.launchpad.net/chromium-daily/ppa/ubuntu karmic main to your
+/etc/apt/sources.list if you want to run this. It may work on the official
+Google build as well, I'm not sure.)</p>
+
+<p>You want to use the instructions at
+<a href="http://code.google.com/p/chromium/wiki/LinuxCertManagement">Google's page on LinuxCertManagement</a> to install the MIT
+CA (click "Get the MIT CA" <a href="http://ist.mit.edu/services/certificates/mitca">here</a>
+to download it). You may also want the <a href="http://ca.csail.mit.edu/cacert">CSAIL CA</a> (specifically, the Master CA). If you're
+running Debian or Ubuntu, the short version of that LinuxCertManagement page is
+to install libnss3-tools, then run "certutil -d sql:$HOME/.pki/nssdb -A -t
+"C,," -n <certificate nickname> -i <certificate filename>" for both the MIT CA
+and (if you want it) the CSAIL CA.</p>
+
+<p>The easiest way to install a client cert in the nss database is simply to
+install it on Firefox; at that point, it should be in the list of certificates
+you get when you run "certutil -d sql:$HOME/.pki/nssdb -L". If not, go back to
+the LinuxCertManagement page and do it manually.</p>
+
+Here's the last key to the puzzle: by default, Chrome on Linux runs without SSL
+client cert auth. So run it with the --auto-ssl-client-auth flag. You'll
+probably want to edit both Preferred Applications and the Main Menu entry to
+reflect this, so links you click on outside of Chrome open this way. (Gnome Do
+and similar pull their data from Main Menu, among other places.) Once you've
+done this, you can check your work with
+<a href="https://scripts-cert.mit.edu/~geofft/demo/detect.php">this demo page</a>. If everything is
+working, it should welcome you by name, and tell you that a certificate for
+your username is installed.