Deploy internal CA to linux clients
Solution 1:
For Firefox: FF stores the certificate in the user profile, you have to import the certificate for each profile on each box. For trusted CA's, the certificate should be in PEM format, and imported using the certutil
command (available in nss-tools
package on RedHat):
You can use this command to list the certificates:
certutil -L -d ~/.mozilla/firefox/[profile]
Then, the certificate can be imported using:
certutil -A -n 'Certificate Name' -t CT,, -d ~/.mozilla/firefox/[profile] < /path/to/certificate.pem
See http://www.dzhang.com/blog/2011/01/29/importing-exporting-firefox-certificates-from-command-line for details.
According to the chromium wiki you can use certutil for chromium. I don't know if this will work for the stock chrome too.
With a little bit of scripting it should be possible to automatically deploy your AD certificate authority in this environment.