From: David A Benjamin Date: Sun, 15 Nov 2009 03:36:16 +0000 (-0500) Subject: Chrome should be able to generate certs X-Git-Url: https://sipb.mit.edu/gitweb.cgi/wiki.git/commitdiff_plain/52fc51217a45c5eb8fa0d87eed7b19083179f590?hp=f36cac0f8d72f050eed9ca731b37ac330fe8e322 Chrome should be able to generate certs --- diff --git a/doc/enabling_client_certificate_auth_in_chrome.html b/doc/enabling_client_certificate_auth_in_chrome.html index 697348f..2e47958 100644 --- a/doc/enabling_client_certificate_auth_in_chrome.html +++ b/doc/enabling_client_certificate_auth_in_chrome.html @@ -11,9 +11,7 @@ to install libnss3-tools, then run "certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n -i " for both the MIT CA and (if you want it) the CSAIL CA.

-

The easiest way to install a client cert in the nss database is simply to -install it on Firefox; at that point, it should be in the list of certificates -you get when you run "certutil -d sql:$HOME/.pki/nssdb -L". If not, go back to +

Recent Linux builds should be able to generate certificates via the usual web interface, however there will be no UI feedback in doing so. Failing that, the easiest way to install a client cert in the nss database is simply to install it on Firefox; at that point, it should be in the list of certificates you get when you run "certutil -d sql:$HOME/.pki/nssdb -L". If not, go back to the LinuxCertManagement page and do it manually.

Here's the last key to the puzzle: Chrome on Linux currently lacks a UI for selecting a certificate, so run it with the --auto-ssl-client-auth flag. Enabling this flag configures Chrome to automatically send an certificate to websites without prompting, as Firefox will do under certain configurations. This is considered a privacy issue; see UI notes #3 in the Chromium design document and the linked Mozilla bug. Bug #25241 tracks this issue in Chrome on Linux.