kto-ca-install/README.md
2023-06-27 21:05:01 +02:00

1.3 KiB

Install KTO Root Certificates

This repository contains a small setup to automate the delivery of our root certificates to clients.

Files

  • kto.crt is currently our only root certificate
  • advancedsettings.xml is a Kodi user configuration file

Installation

  • install.sh copies the certificates to the right location and then reloads the system's certificates (Linux only)

Firefox

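On Debian-based distros, the following is required so that Firefox uses the system CAs: it replaces Firefox's bundled trust module (libnssckbi.so) with a symlink to p11-kit's trust module. We add a dpkg diversion so that Firefox upgrades do not overwrite our change.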

sudo dpkg-divert --divert /usr/lib/firefox/libnssckbi.so.orig --rename --local /usr/lib/firefox/libnssckbi.so
sudo ln -s /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/firefox/libnssckbi.so

Manually import in Kodi

On systems where we cannot import our certificate (LibreELEC, Android (TV)), we need to copy advancedsettings.xml and kto.crt (renamed to cacert.pem) to $HOME_OF_KODI_USER/.kodi/userdata/.

TODO: At least on LibreELEC, this prevents Kodi from using the system CAs, and thus from accessing "normal" HTTPS resources.
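One possible approach to the TODO above is to ship a cacert.pem that holds the system CA bundle plus kto.crt, rather than kto.crt alone. The script below is an added example, not part of this repository; it assumes Kodi trusts exactly the certificates in userdata/cacert.pem, and the function names and the Debian bundle path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: build a Kodi cacert.pem = system CA bundle + our root certificate.
# Usage (the bundle path is the Debian one; adjust it for other systems):
#   sh build-bundle.sh /etc/ssl/certs/ca-certificates.crt kto.crt cacert.pem

# count_certs FILE: print the number of PEM certificate blocks in FILE.
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# build_kodi_bundle SYSTEM_BUNDLE ROOT_CERT OUT
# Writes SYSTEM_BUNDLE followed by ROOT_CERT to OUT. OUT is only created
# if every check passes, so a broken bundle never replaces a working one.
build_kodi_bundle() {
    sys=$1 root=$2 out=$3
    for f in "$sys" "$root"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    # The root file must contain exactly one complete PEM certificate.
    [ "$(count_certs "$root")" -eq 1 ] &&
    [ "$(grep -c -e '-----END CERTIFICATE-----' "$root")" -eq 1 ] ||
        { echo "$root: expected exactly one PEM certificate" >&2; return 1; }
    n_sys=$(count_certs "$sys")
    [ "$n_sys" -ge 1 ] || { echo "$sys: no certificates found" >&2; return 1; }

    tmp=$(mktemp "${out}.XXXXXX") || return 1
    # The extra newline keeps the PEM markers on separate lines when the
    # system bundle does not end with a newline.
    { cat "$sys"; printf '\n'; cat "$root"; } > "$tmp" || { rm -f "$tmp"; return 1; }
    if [ "$(count_certs "$tmp")" -ne $((n_sys + 1)) ]; then
        echo "unexpected certificate count in merged bundle" >&2
        rm -f "$tmp"
        return 1
    fi
    chmod 644 "$tmp"   # certificates are public; the Kodi user must be able to read them
    mv "$tmp" "$out"
}

# Run only when called with the three arguments shown in the usage line.
if [ "$#" -eq 3 ]; then
    build_kodi_bundle "$@"
fi
```

The resulting file has to be rebuilt whenever the system bundle or kto.crt changes, since it is a snapshot of both.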

Android (TV)

  1. Find the Kodi app's user data directory (usually /sdcard/Android/data/org.xbmc.kodi)
  2. Copy advancedsettings.xml and kto.crt (renamed to cacert.pem) to $KODI/files/.kodi/userdata/