zertrin, le 10/09/2014 à 11:55
[Content of the page mirrored here]

rvandegrift
Nov 27th 2012


There are instructions [1] to force Zotero Standalone to ignore certificate validation errors. This is good enough for self-signed certificates, but if you have a signed certificate from a CA that Zotero doesn't recognize, you can do better.

You will need certutil from the Mozilla NSS tools and a copy of your issuer's CA certificate. In Debian, you can find certutils in the libnss3-tools package.

The certificate is then installed with this command:
certutil -d <profile dir> -A -n <name> -i <cacert> -t "C,,"

<profile dir> is the directory of your Zotero Standalone profile (mine is ~/.zotero/zotero/<random junk>.default).
<name> is a user-friendly name to call it.
<cacert> is the path to the CA certificate file.
"C,," tells NSS to trust the server certificates issued by the CA.

If your CA requires any intermediate certificates, you'll need to modify the trust parameters and add the intermediate authorities. See the details on using certutil to manage certificates at [2].

[1] - http://www.zotero.org/support/kb/cert_override
[2] - http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
(Permalink)