GUI for certificate management - Frontend for certutil

marlinus · 27 Jul 2024, 19:52

To import trusted certificates Vivaldi relies on the tool certutil.
It would have been great if the Vivaldi settings included a gui to manage certificates, like a frontend to certutil.

DoctorG · 28 Jul 2024, 07:51

@marlinus That worked in the past with internal page chrome://settings/security , in section Manage Certificates.

Hadden89 · 28 Jul 2024, 11:38

@DoctorG It still works.

@marlinus Is how chromium and thus vivaldi handle the certs on windows.

But you can use certmgr.msc ( current user ) or certlm.msc ( local machine )
if you need a GUI to do operations with certs.

marlinus · 28 Jul 2024, 15:02

As shown in this thread
https://forum.vivaldi.net/topic/99724/importing-certificate-fails?_=1722177765535

the
chrome://settings/security
page fails to import self signed certificates.

@DoctorG showed me how to use the certutil for the purpose.
And even if chrome://settings/security had worked, linking to it from the settings -> privacy and security, or at least add a note to the settings dialog would have been very helpful.

And as chrome://settings/security does not work (at least not for self signed certs) adding a chapter to settings -> privacy and security looking like below would be very helpful:

Manage Certificates
Certificates are managed through the url chrome://settings/security
If that url fails to manage your certificates you could try the certutil command line tool from the nsstools package.

To import a trusted CA certificate for use with web and mail use the command:
certutil -d sql:$HOME/.pki/nssdb -A -t "C,C,c" -n "CA mydomain.net" -i CaCertFile.pem

To import a trusted server certificate for use with web and mail use the command:
certutil -d sql:$HOME/.pki/nssdb -A -t "P,P," -n "server.mydomain.net" -i serverCertFile.pem

To list installed certificates run:
certutil -d sql:$HOME/.pki/nssdb -L

Just this text in the settings -> privacy and security would save hours for an user, and also save some time for the experienced forum helpers.

DoctorG · 29 Jul 2024, 09:00

@marlinus said in GUI for certificate management - Frontend for certutil:

chrome://settings/security
page fails to import self signed certificates.

Yes, Chromium core cause this.

It is advised to import certificates with the certificate manager of the used Operating System.
I fear Vivaldi devs will not program a extra certificate manager in Vivaldi.

HectorB · 8 Sept 2024, 20:36

May I continue this thread?
I wonder if Vivaldi comes with any pre-set/pre-imported certificates or more correctly CA trust chains?
Of does it completely rely on CA from OS?

yngve · 8 Sept 2024, 20:42

@HectorB Chromium now comes with its own basic set of Root certificates (my guess is that they decided to do that after all the problems with "Is this device's OS root store able to connect to Let's Encrypt sites" as the original root expired), although it seem to also access system certs, for roots that are not in that set (and presumably have not been untrusted)