Since a recent version, Google Chrome maintains its own “local store” for SSL root certificates, allowing users to trust certificates without installing them at the Windows OS level. You can view this store at: "chrome://certificate-manager/localcerts"
User?added certificates appear under “User Certificates” at: "chrome://certificate-manager/localcerts/usercerts"
I’d like to automate adding a certificate to Chrome’s local store via command line using a .bat script.
I located the file: < Chrome Profile Directory >\Default\ServerCertificate
It’s an SQLite3 database that stores certificates in DER format. Using the sqlite3 command, I inserted my DER?encoded certificate into the ServerCertificate table. After restarting Chrome, I see that one certificate appears under Local Store (chrome://certificate-manager/localcerts), but it does not show up under User Certificates ("chrome://certificate-manager/localcerts/usercerts").
And of course, the certificate does not work, I must be missing a file to edit.
Which file(s) or registry entries does Chrome update when you manually import a Root CA into its local store? In other words, what else besides the ServerCertificate SQLite database needs to be modified so that a batch script can replicate the manual Import.
