Hey I am new to linux and am trying to trust my root ca but after getting the p11 kit I cannot finish. It says that
mv: cannot stat ‘/usr/lib/firefox-esr/libnssckbi.so’: No such file or directory
which I am sure is some kind of dumb error on my part but I can’t fix it. I understand that it can’t find the file bc it doesn’t exist… but Idk what to do. If anyone could explain like i’m 5 it would be crazy helpful. Thank you
Hi there, and welcome!
What Linux distribution (such as Ubuntu), version (such as 22.04), and browser (such as Firefox) are you setting up?
Thank you for getting back to me. I am using Kali 2023.1
Ubuntu kept crashing for some reason and I got tired of it last night. I’m using firefox-esr
I followed the directions on the start page first running
sudo apt install -y ca-certificates p11-kit
then
libnssckbiso=/usr/lib/firefox-esr/libnssckbi.so && sudo mv $libnssckbiso $libnssckbiso.bak && sudo ln -s /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so $libnssckbiso
but it returns that the directory doesnt exist. I"ve searched the files and the libnssckbiso isn’t there. obviously all other dirs do up to that but its driving me NUTs trying to fix it. Any help would be wildly appreciated. Thank you
My pleasure!
Obviously we cannot test/support every single Linux distribution, so we have tested only the major desktop distros at this time. It sounds like this guide is not going to apply to you, despite Kali being Debian-based (if I recall correctly).
Kali is also purpose-built for penetration testing, and I would personally recommend against using it as a general purpose desktop OS. That said, you obviously have the Freedom to do as you choose with these systems, so if you want to continue, you’ll need to find out how to trust system-level certificates on Kali. If you do, please report back here for the benefit of others.
Ok. Sounds good and when I figure it out I’ll let you guys know. Thank you.
I am trying it now using manjuaro. I’ve ran the commands and am having some of the same problems. I’ve trusted and installed the CA for both the OS and and Firefox - when I try to connect via Https it says " Secure connection failed
Peer received a valid certificate, but access was denied"
Can you help? Sorry to bother you, I just really want this to work outside of my regular windows environment.
Did you try adding the cert in both the OS (system-level) and browser?
Yes. I followed the directions. Both OS and Browser. It completed fine, but am receiving the above error when I try to visit. I can connect via ssh just fine but not through the browser.
Does it work with the IP address? (You must be on eOS version 0.3.4 or higher for this to work)
You may need to install Avahi for your system. If I recall correctly, Manjaro has their own repositories, so I’m not certain what packages these will be for you. On Arch, 3 services run: avahi-daemon.socket, avahi-daemon.service, and avahi-dnsconfd.service. eOS uses mDNS aliasing for services, which may require an additional Avahi package for your distro. Let us know so we can make a note in the docs for others.
To be sure this is your machine (and not your Embassy), you can of course test on another device (ideally not with Manjaro).
Avahi in particular, and mDNS aliasing in general, have proven to be unreliable and sometimes (like this time), overly complex. As a result, we will be adding new LAN connectivity options, and possibly deprecating the existing option. Keep an eye out later this year for those updates.