This message gets annoying working with PUM images. The browser complains about the SSL certificate even though it’s just a temporary one and you’re not working on production or sensitive data.
So, I worked through telling my browser to trust the certificate. Here are my notes…
Downloading the Certificate from Firefox
Before we can get the browser to trust the certificate, we need to get access to the certificate. So, here’s the easy way assuming you are in a Firefox browser. I’ll try from
First, click on the lock by the URL and then click on the “Connection not secure” message in the menu.
Now, click the View More Information option to open the properties window.
This opens a window open with details about the site. So, click on the View Certificate button.
This opens a new web page / tab with all kinds of details about the certificate. If you scroll down to the Miscellaneous section, you can find a download link. That will download a PEM file with the certificate in it.
Installing the Certificate in Oracle Linux
First, I found the Firefox certificate database:
$ find ~/ -name "cert8.db"
$ find ~/ -name "cert9.db"
/home/PS/.mozilla/firefox/6n8rm3sx.default-default/cert9.dbAs I understand it, this command should import the certificate. The command works, but Firefox still complains.
certutil -d sql:/home/PS/.mozilla/firefox/6n8rm3sx.default-default -A -t P -n "My PS Cert" -i $HOME/Downloads/tr46-digitaleagle-net.pemSo, the fix was to use the -t C option. P is for “trusted peer” and C is for “trusted CA to issue server certs”.
certutil -d sql:/home/PS/.mozilla/firefox/6n8rm3sx.default-default -A -t C -n "My PS Cert" -i $HOME/Downloads/tr46-digitaleagle-net.pemJust for thoroughness, certutil came pre-installed in the PUM where I was working. But, if you don’t have it, I found it is part of the nss-tools package.
$ which certutil
/usr/bin/certutil
$ rpm -q --whatprovides /usr/bin/certutil
nss-tools-3.79.0-5.el7_9.x86_64Downloading the Certificate from Chrome
So, what if you have Chrome. Or, in my case, I currently have Chromium. The process is basically the same. Click on the “Not Sure” warning by the URL, then click on the “Certificate is not valid” message.
This should open a dialog with information about the certificate. Go to the Details tab and click on Export. That should allow you to save the file.
I saved the file as a .crt file in my Downloads folder. The File type was set to Base64-encoded ASCII, single certificate.
Installing the Certificate in Ubuntu
First, my Ubuntu installation didn’t already have certutil installed. So, I installed the libnss3-tools package.
sudo apt install libnss3-toolsFor Chrome, the database folder should be in .pki/nssdb directory. But, I ran both commands and it didn’t make a difference.
certutil -d sql:$HOME/.pki/nssdb -A -t P -n "tr46-digitaleagle-net" -i $HOME/Downloads/tr46.digitaleagle.net.crt
certutil -d sql:$HOME/.pki/nssdb -A -t C -n "tr46-digitaleagle-net" -i $HOME/Downloads/tr46.digitaleagle.net.crtSo, I ran my find command:
find ~/ -name "cert9.db"That pointed out to me that my Chromium is actually installed as a snap. So, I need to use the nssdb folder inside the snap. So, this did the trick:
certutil -d sql:$HOME/snap/chromium/2572/.pki/nssdb -A -t P -n "tr46-digitaleagle-net" -i $HOME/Downloads/tr46.digitaleagle.net.crt
Alt option: load one of your own valid certificates into Weblogic