I found a temporary solution that at least lets me visit the sites in Firefox.
However this doesn't fix OpenSSL (thus things like curl, wget). #!/usr/bin/env bash sudo apt-get install libnss3-tools downloadCerts=(http://cacerts.thawte.com/ThawteRSACA2018.crt http://cacerts.geotrust.com/GeoTrustRSACA2018.crt) wget -c "${downloadCerts[@]}" for f in *.crt; do fbasename=${f%.crt} openssl x509 -inform der -outform pem -in "$f" -out "$fbasename".pem find ~ -name cert9.db -printf '%h\0' | while IFS= read -rd '' certDir; do certutil -A -n "${fbasename}" -t "TCu,Cuw,Tuw" -i "${fbasename}".pem -d sql:"$certDir" done done -- Tyler (tya99) rsa4096/0x9C9954F88E388859
