1.3 KiB
1.3 KiB
Install KTO Root Certificates
This repository contains a small setup to automate the delivery of our root certificates to clients.
Files
kto.crt
is our current only root certificateadvancedsettings.xml
is a Kodi user configuration file
Installation
install.sh
copies the certificates to the right location and then reloads the system's certificates (Linux only)
Firefox
On Debian-based distros, the following is required so that Firefox uses system CAs. We add a diversion in dpkg so that Firefox upgrades do not override our change.
sudo dpkg-divert --divert /usr/lib/firefox/libnssckbi.so.orig --rename --local /usr/lib/firefox/libnssckbi.so
sudo ln -s /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/firefox/libnssckbi.so
Manually import in Kodi
In systems where we cannot import our certificate (LibreELEC, Android (TV)), we need to copy advancedsettings.xml
and
kto.crt
(renamed to cacert.pem
) to $HOME_OF_KODI_USER/.kodi/userdata/
.
TODO: At least on LibreELEC, this prevents KODI from using system CA, and thus to access "normal" HTTPS resources.
Android (TV)
- find Kodi app user data directory (usually
/sdcard/Android/data/org.xbmc.kodi
) - copy
advancedsettings.xml
andkto.crt
(renamed tocacert.pem
) to$KODI/files/.kodi/userdata/