On 13.04.2019 23:21, Tyler A wrote: > I found a temporary solution that at least lets me visit the sites in Firefox. > > However this doesn't fix OpenSSL (thus things like curl, wget). > > #!/usr/bin/env bash > > sudo apt-get install libnss3-tools > > downloadCerts=(http://cacerts.thawte.com/ThawteRSACA2018.crt > http://cacerts.geotrust.com/GeoTrustRSACA2018.crt) > > wget -c "${downloadCerts[@]}" > > for f in *.crt; do > fbasename=${f%.crt} > openssl x509 -inform der -outform pem -in "$f" -out "$fbasename".pem > find ~ -name cert9.db -printf '%h\0' | > while IFS= read -rd '' certDir; do > certutil -A -n "${fbasename}" -t "TCu,Cuw,Tuw" -i "${fbasename}".pem > -d sql:"$certDir" > done > done > This script imports certificates into Mozilla Firefox own NSS DB. You can do the same procedure more easily in Firefox GUI with "Certificate Manager". ("Preferences" >> "Privacy & Security", click "View Certificates")
-- With kindest regards, Alexander. ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org ⠈⠳⣄⠀⠀⠀⠀
