Certificates

prereq

sudo apt-get install libnss3-tools curl

Getting certificates

Firefox will let you directly install a .cer file from some sites (e.g. the nvidia site below). It will also let you download/save a .cer file. Chrome will let you save the .cer file.

You can also export a .pem file from firefox certificate manager. (Use the .pem file in place of the .cer file below (e.g. for the -i option).)

You can also get one from a certificate authority host with

    curl -k -o "cacert-root.crt"   "http://www.cacert.org/certs/root.crt"

or try

    echo "QUIT" | openssl s_client -connect hostname.com:port 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > file.cer

where hostname.com is the place and port is the port (usually 443).

Install certificates

Firefox just lets you install directly.

For Chrome use:

    certutil -d sql:$HOME/.pki/nssdb -A -t "TC" -n "CAcert.org" -i cacert-root.crt
    certutil -d sql:$HOME/.pki/nssdb -A -t "TC" -n "nvidia.com" -i certnew.cer

-i option is .cer file
-n option is nickname (use whatever you want) -t option is what certificate can do (not sure what this means)

Managing certificates

List all:

    certutil -d sql:$HOME/.pki/nssdb -L

Show details of "nvidia.com" certificate:

    certutil -d sql:$HOME/.pki/nssdb -L -n nvidia.com

Delete "nvidia.com" certificate:

    certutil -d sql:$HOME/.pki/nssdb -D -n nvidia.com

NVIDIA certificates

Get them here: https://pki.nvidia.com/certsrv/certcarc.asp