Install root certificate

I want to install NixOS on a computer that accesses the internet through a proxy that needs a root certificate.
Below are the instructions on how to acquire and install this certificate on other versions of Linux.
How can I do this on an out-of-the-box installation of NixOS?
The catch is that the system will not be able to update or download packages until the certificate is already installed. But I can install the certificate manually in Firefox, and download packages that way, if necessary.

http://wiki.netfree.link/wiki/Installation_of_certificate_in_Linux_operating_system

This script is active in Linux distributions based on Debian, CentOS, Alpine and ArchLinux.

Open the command line, run the following command:

curl -sL https://netfree.link/dl/unix-ca.sh | sudo sh

Or

curl -sL https://netfree.link/dl/unix-ca.sh | sh

Sometimes the command will fail due to the fact that curl isn't installed, and it will give a message: Command 'curl' not found

To fix this, enter the command:

sudo sh -c "(apt update && apt install -y curl) || yum install -y curl || apk add curl"

Then re-run the previous command.

It is recommended that you restart the computer after this.

:warning: In order to install the certificate you need root permission.

:warning: To use Firefox you must install the security certificate separately. You can also install a certificate for Chrome individually.


Getting the cert manually and adding it to security.pki.certificates should do, unless I understand the problem statement wrong.


So you want to Man in the middle your own network. Interesting. Burp is it?

It is actually a content-filtering service. All your incoming internet traffic goes through them before it gets to you.

Oh, sounds interesting, what is this system?

Not sure it will be super interesting to you…
Netfree is a paid service for people who are not fond of seeing obscenity or hate or other bad stuff when they are browsing the internet. It is sort of like parental control, but for adults.
As you mentioned, this service is in the middle of your internet traffic, so you need to trust them implicitly, but it works pretty well.


Okay, where do I find security.pki.certificates on my system? Is this a separate config file somewhere, or a section of a more general config file? Maybe it is a section I need to create in nix.config? :thinking:

It is an option for the system's configuration like any other.

e.g.

  security.pki.certificates = [
    ''
      -----BEGIN CERTIFICATE-----
      MIIFCTCCAvGgAwIBAgIQZr …
      …g3odD/oqxGnEFJwbaEnnNm5cafOTWeOLfbLEkq/TZC4oggetUAeTT
      -----END CERTIFICATE-----
    ''
  ];

That text snippet goes into my nix.config?
If so, where to put it? At the end, before the final }?

Interesting that you put a semicolon after the closing bracket. Maybe that was my mistake, I omitted the semicolon.

For some reason, the official documentation also omits the semicolon:
https://search.nixos.org/options?channel=22.11&show=security.pki.certificates&from=0&size=50&sort=relevance&type=packages&query=certificates
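
For the placement and semicolon questions above, a minimal sketch of where the option sits in the NixOS system configuration. This is an added example, not written by any poster in the thread; the file name `netfree-ca.crt`, the path `/etc/nixos/configuration.nix` and the PEM placeholder are assumptions.

```nix
# /etc/nixos/configuration.nix (added example; adjust to your existing file)
{ config, pkgs, ... }:

{
  imports = [ ./hardware-configuration.nix ];

  # ... your existing options stay here ...

  # The option is one more `name = value;` binding inside the top-level
  # attribute set, so it can go anywhere between the outer `{` and the final `}`.
  # Every binding in a Nix attribute set ends with `;`. An example that shows
  # only the value (the list between `[` and `]`) has no semicolon because it
  # is not a complete binding.

  # Form 1: inline PEM text, as in the snippet posted in the thread.
  # Replace the placeholder with the full certificate body.
  security.pki.certificates = [
    ''
      -----BEGIN CERTIFICATE-----
      <PLACEHOLDER: base64 body of the proxy's root certificate>
      -----END CERTIFICATE-----
    ''
  ];

  # Form 2: reference a PEM file saved next to configuration.nix
  # (hypothetical file name). Use either form, not both for the same cert.
  # security.pki.certificateFiles = [ ./netfree-ca.crt ];

  # A root added here is trusted system-wide for TLS, so whoever holds its
  # private key can read and alter HTTPS traffic from this machine. Compare
  # the certificate's fingerprint with one published by the provider before
  # rebuilding, e.g. (assumed file name):
  #   openssl x509 -in netfree-ca.crt -noout -subject -fingerprint -sha256
}
```

Apply the change with `sudo nixos-rebuild switch`.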