Adsense Leaderboard Ad


How to Install DoD Root Certificates in Google Chrome on Linux

I was unable to find full working directions for this so hopefully this helps someone.  I tested on Fedora 25 and Red Hat 7.

Go to:

Scroll all the way to the bottom until you see "PKI CA Certificate Bundles: PKCS#7"

Click the download link that says "For DoD PKI Only - Version 5.0"

When the zip file is done downloading, open a terminal and go to that directory and unzip the file.


Now cd into the newly created directory.

cd Certificates_PKCS7_v5.0u1_DoD/

Now run the following command to import the p7b files:

for n in *.p7b; do certutil -d sql:$HOME/.pki/nssdb -A -t TC -n $n -i $n; done

To check the status of the certs installed you can run:

certutil -d sql:$HOME/.pki/nssdb/ -L

1 comment:

  1. Thanks for the help but returned an error when importing:
    "certutil: could not decode certificate: SEC_ERROR_BAD_DER: security library: improperly formatted DER-encoded message."

    Although the check appeared OK:
    Certificate Nickname Trust Attributes

    Certificates_PKCS7_v5.0u1_DoD_DoDRootCA4_withCAs_FirefoxChromeOS.der.p7b CT,,
    Certificates_PKCS7_v5.0u1_DoD_DoDRootCA2_withCAs_FirefoxChromeOS.der.p7b CT,,
    Certificates_PKCS7_v5.0u1_DoD_DoDRootCA3_withCAs_FirefoxChromeOS.der.p7b CT,,
    Certificates_PKCS7_v5.0u1_DoD_OSX_CAsOnly.der.p7b CT,,