Chromium: updating WebMoney Root Certificate and renewing your X.509 Personal Certificate

Just about a week ago I received an e-mail notification from WebMoney stating that my personal certificate was going to expire very soon and that I had to get it updated since "… the Certificate Authority Server of WebMoney Transfer system has been modified." This week was rather busy for me and I knew that it would take a while to get it done right so I decided to postpone tackling this task. Until today. Today is a big catch-up day on all things possible that were put on either hold or to-do list or read it later list and/or subjected to any other imaginable time management technique.

It took some time and a bit of poking around (as I expected) but the drill comes down to these three commands eventually:

% certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n new.wm.root.cert -i cert.wmtransfer.com_WebMoney\ Transfer\ Root\ CA.crt
% pk12util -d sql:$HOME/.pki/nssdb -i wmid-2800878xxxxx-expon_20120530.p12
% chromium-browser --auto-ssl-client-auth

To begin with you have to install new Root Certificate:

% certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n new.wm.root.cert -i cert.wmtransfer.com_WebMoney\ Transfer\ Root\ CA.crt

Then WebMoney generates a new X.509 Personal Certificate and asks you (on the web-site) that you back it up. I simply exported it (backed it up) via Firefox in *.p12 format since as of day of this post WebMoney still doesn’t support fully Chromium and it wouldn’t let me create a new x.509 Personal Certificate via its web-interface because I was using Chromium so I had to run Firefox to first set all things up in it and then move on to having fun with Crhomium. Anyway, at this point you need to get your x.509 Personal Certificate working with Chromium and you do it by issuing the following command on your console:

% pk12util -d sql:$HOME/.pki/nssdb -i wmid-2800878xxxxx-expon_20120530.p12

Now try logging into WebMoney Transfer System. Chances are your Chromium will fail. If this is the case stop (close) Chromium and restart it with --auto-ssl-client-auth command line option:

% chromium-browser --auto-ssl-client-auth

This should let your Chromium silently authenticate itself with x.509 Personal Certificate in WebMoney Transfer System.

Some helpful bits of information:

http://code.google.com/p/chromium/wiki/LinuxCertManagement
http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html (Somehow there’s no man page for pk12util on ArchLinux)

Advertisements