Firefox Snap doesn't recognize root certificate

Just mine, but it’s actually just Neon with Tuxedo kernel

But the rest are standard Kubuntu/Ubuntu 24.04

I poked into a few of the ones I deployed and I noticed that all of them DO have the certificates, and /etc is indeed binding

However, Firefox still doesn’t use those certificates

Even if you properly put them into /etc/ssl/certs?

Nope. In fact, putting my certs there actually breaks Chrome’s access to our certificates. Didn’t seem to have fixed Firefox’s certificate either so it’s still a loss.

I have a separate system with Kubuntu 24.04, so going forward, I’ll use that to test instead of my Neon 24.04. I can at least confirm that the certificates in /etc/ssl/certs/ca-certificates.crt match with the one in the system for Ubuntu and Kubuntu, and tested to be sure that binds are working correctly.

I only researched this again because I got the time, and I realized that my workaround to force Chrome to see our root and intermediate certificates for 22.04 didn’t work for 24.04 (that one I just solved).

I tested other Chromium-based browsers and it’s not working.

Just a hypothesis, but I think this needs to be done inside the Snap itself. It’s weird that I have to do this hacky workaround just for a web browser to use the system’s certs.

I’ve confirmed that it works with Chrome (local install), and 24.04 has a different libnssckbi.so path (already tweaked my Ansible script at work).

  • 22.04: /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so
  • 24.04: /usr/lib/x86_64-linux-gnu/libnssckbi.so