Re: [arch-general] CA certifcates
On 05/30/2014 05:15 AM, Eduardo Machado wrote: > 2014-05-29 5:30 GMT-03:00 Timothée Ravier : > >> On 29/05/2014 04:30, Eduardo Machado wrote: >>> But... This week, after a system upgrade both Firefox and Chrome, >>> stopped to reflect this, even after i did all the above process >>> again. >>> >>> Firefox and Chrome are not using the ca-certificates package? Is >>> there a way to do what i'm trying to do (a central point to manage >>> certificates for all apps, especially browsers)? >> >> Fedora has been working on something close to what you'd want: one place >> to manage all certificates: >> >> http://fedoraproject.org/wiki/Features/SharedSystemCertificates >> >> I don't know how hard it would be integrate this into Arch Linux. >> > > I will study this so i can help. Anyone already looking into this? > > But what was strange for me was that doing the steps i listed above it > worked at Arch some months ago... > > Do you know where Firefox or Chrome look for this list of CA certs? > > Firefox uses certificates from NSS database which is I believe compiled into NSS library (the same file is used to generate most if not all of ca-certificates though). I presume chrome/ium does the same. >> >>> And, a last question, is there a way to run a script after a >>> specific package upgrade? >> >> I think this has been discussed at some point but this hasn't been >> implemented yet as far as I remember. >> >> -- >> Timothée Ravier >> > > Thanks for the answer. > -- Note: My last name is not Krejzi.
Re: [arch-general] CA certifcates
2014-05-29 5:30 GMT-03:00 Timothée Ravier : > On 29/05/2014 04:30, Eduardo Machado wrote: > > But... This week, after a system upgrade both Firefox and Chrome, > > stopped to reflect this, even after i did all the above process > > again. > > > > Firefox and Chrome are not using the ca-certificates package? Is > > there a way to do what i'm trying to do (a central point to manage > > certificates for all apps, especially browsers)? > > Fedora has been working on something close to what you'd want: one place > to manage all certificates: > > http://fedoraproject.org/wiki/Features/SharedSystemCertificates > > I don't know how hard it would be integrate this into Arch Linux. > I will study this so i can help. Anyone already looking into this? But what was strange for me was that doing the steps i listed above it worked at Arch some months ago... Do you know where Firefox or Chrome look for this list of CA certs? > > > And, a last question, is there a way to run a script after a > > specific package upgrade? > > I think this has been discussed at some point but this hasn't been > implemented yet as far as I remember. > > -- > Timothée Ravier > Thanks for the answer.
Re: [arch-general] CA certifcates
On 29/05/2014 04:30, Eduardo Machado wrote: > But... This week, after a system upgrade both Firefox and Chrome, > stopped to reflect this, even after i did all the above process > again. > > Firefox and Chrome are not using the ca-certificates package? Is > there a way to do what i'm trying to do (a central point to manage > certificates for all apps, especially browsers)? Fedora has been working on something close to what you'd want: one place to manage all certificates: http://fedoraproject.org/wiki/Features/SharedSystemCertificates I don't know how hard it would be integrate this into Arch Linux. > And, a last question, is there a way to run a script after a > specific package upgrade? I think this has been discussed at some point but this hasn't been implemented yet as far as I remember. -- Timothée Ravier
[arch-general] CA certifcates
Hi, some months ago i needed to setup a Certificate Authority and add it's root certificate to the client machines, so i figured out and added the CA certificate to /usr/share/ca-certificates, edited the /etc/ca-certificates.conf to reflect this and them run "update-ca-certificates --fresh --verbose". this added the CA to the SSL certs and generated the file with all the certificates in /etc/ssl/certs/ca-certificates.crt So when i used Firefox and Chrome, it reflected this and the server certificate was validated. But... This week, after a system upgrade both Firefox and Chrome, stopped to reflect this, even after i did all the above process again. Firefox and Chrome are not using the ca-certificates package? Is there a way to do what i'm trying to do (a central point to manage certificates for all apps, especially browsers)? And, a last question, is there a way to run a script after a specific package upgrade? Thanks, --- Eduardo M. Machado