kto-ca-install/README.md

# Install KTO Root Certificates

This repository contains a small setup to automate the delivery of our root certificates to clients.

### Files
* `kto.crt` is our current only root certificate
* `advancedsettings.xml` is a Kodi user configuration file
#### Installation
* `install.sh` copies the certificates to the right location and then reloads the system's certificates (Linux only)

### Firefox
On Debian-based distros, the following is required so that Firefox uses system CAs. We add a diversion in dpkg so that
Firefox upgrades do not override our change.
```
sudo dpkg-divert --divert /usr/lib/firefox/libnssckbi.so.orig --rename --local /usr/lib/firefox/libnssckbi.so
sudo ln -s /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/firefox/libnssckbi.so
```

### Manually import in Kodi
In systems where we cannot import our certificate (LibreELEC, Android (TV)), we need to copy `advancedsettings.xml` and
`kto.crt` (renamed to `cacert.pem`) to `$HOME_OF_KODI_USER/.kodi/userdata/`.

This prevents KODI from using system CA, and thus to access "normal" HTTPS resources. The solution is to concatenate in
`cacert.pem` KODI's "system" cacert and our own CA. The install script does it for LibreELEC, but not for Android (TV).

#### Android (TV)
1. find Kodi app user data directory (usually `/sdcard/Android/data/org.xbmc.kodi`)
2. copy `advancedsettings.xml` and `kto.crt` (renamed to `cacert.pem`) to `$KODI/files/.kodi/userdata/`

### Import in Windows
1. Download the CA
2. Double-click on it
3. On the Certificate dialog box, click Install Certificate to start the Certificate Import Wizard
4. On the Welcome page, click Next
5. On the Certificate Store page, select Place all certificates in the following store and click Browse
6. In the Select Certificate Store dialog box, select Show Physical Stores
7. Double-click Trusted Root Certification Authorities, select Local Computer, and then click OK
8. On the Certificate Store page, click Next
9. On the summary page, review the details and click Finish
Initial commit 2022-11-13 12:13:34 +01:00			`# Install KTO Root Certificates`

			`This repository contains a small setup to automate the delivery of our root certificates to clients.`

			`### Files`
			* `kto.crt` is our current only root certificate
Update README 2023-04-08 18:04:09 +02:00			* `advancedsettings.xml` is a Kodi user configuration file
Initial commit 2022-11-13 12:13:34 +01:00			`#### Installation`
Add Kodi Android conf 2022-12-30 12:23:41 +01:00			* `install.sh` copies the certificates to the right location and then reloads the system's certificates (Linux only)

Add specific Debian use case in install script 2022-12-26 19:37:27 +01:00			`### Firefox`
Add in README the final solution for Debian-based 2023-01-21 17:40:43 +01:00			`On Debian-based distros, the following is required so that Firefox uses system CAs. We add a diversion in dpkg so that`
			`Firefox upgrades do not override our change.`
Add specific Debian use case in install script 2022-12-26 19:37:27 +01:00			```
Add in README the final solution for Debian-based 2023-01-21 17:40:43 +01:00			`sudo dpkg-divert --divert /usr/lib/firefox/libnssckbi.so.orig --rename --local /usr/lib/firefox/libnssckbi.so`
Add specific Debian use case in install script 2022-12-26 19:37:27 +01:00			`sudo ln -s /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/firefox/libnssckbi.so`
			```
Fix merge conflict in README 2022-12-30 12:25:40 +01:00
Update README 2023-04-08 18:04:09 +02:00			`### Manually import in Kodi`
			In systems where we cannot import our certificate (LibreELEC, Android (TV)), we need to copy `advancedsettings.xml` and
			`kto.crt` (renamed to `cacert.pem`) to `$HOME_OF_KODI_USER/.kodi/userdata/`.

Add LibreELEC case to install script 2023-08-02 20:19:37 +02:00			`This prevents KODI from using system CA, and thus to access "normal" HTTPS resources. The solution is to concatenate in`
			`cacert.pem` KODI's "system" cacert and our own CA. The install script does it for LibreELEC, but not for Android (TV).
Update README 2023-06-27 21:05:01 +02:00
Update README 2023-04-08 18:04:09 +02:00			`#### Android (TV)`
Add Kodi Android conf 2022-12-30 12:23:41 +01:00			1. find Kodi app user data directory (usually `/sdcard/Android/data/org.xbmc.kodi`)
			2. copy `advancedsettings.xml` and `kto.crt` (renamed to `cacert.pem`) to `$KODI/files/.kodi/userdata/`
Add Windows setup in README 2024-05-04 16:48:37 +02:00
			`### Import in Windows`
			`1. Download the CA`
			`2. Double-click on it`
			`3. On the Certificate dialog box, click Install Certificate to start the Certificate Import Wizard`
			`4. On the Welcome page, click Next`
			`5. On the Certificate Store page, select Place all certificates in the following store and click Browse`
			`6. In the Select Certificate Store dialog box, select Show Physical Stores`
			`7. Double-click Trusted Root Certification Authorities, select Local Computer, and then click OK`
			`8. On the Certificate Store page, click Next`
			`9. On the summary page, review the details and click Finish`