mkcert icon indicating copy to clipboard operation
mkcert copied to clipboard
verified publisher icon FiloSottile

How to install Root CA to puppeteer's chromium?

Open jedie opened this issue 6 years ago • 2 comments

A simple mkcert -install isn't enough to "inject" the Root CA to Chromium from puppeteer.

Anybody have any good advice?

EDIT: Note: I run puppeteer in docker, maybe this is the problem. Whatever. The problem is that ~/.pki/nssdb doesn't exist. So i came to this work-a-round:

mkdir -p $HOME/.pki/nssdb
certutil -d sql:$HOME/.pki/nssdb -N --empty-password
/root/bin/mkcert -install

And now, the Chromium called via puppeteer can verify the ssl certificates and '--ignore-certificate-errors' is not needed, any more.

jedie avatar Nov 13 '19 13:11 jedie

@jedie When you say you did that workaround, you mean in your docker file, or on the host machine?

radum avatar Mar 18 '21 15:03 radum

In my own case, the workaround wasn't working, until I found out that chromium tries to open the NSS db at /tmp/.pki/nssdb instead of ~/.pki/nssdb.

Since mkcert -install assumes .pki/nssdb to be anchored to $HOME it can be fixed with this modification:

HOME=/tmp /root/bin/mkcert -install

masterzen avatar Aug 26 '21 13:08 masterzen