Solution: Get own Cacert working for all

proofy · November 20, 2023 at 9:52 AM

I'm nit if that is the best solution, but it works for me.

I'm using LibreELEC on an Intel device and can't find the place where you can set the environment variables permanently. This is apparently not described in the entire wiki. I need it because I am using a firewall that also inspects SSL traffic.

I copied cacert.pem and attached my private ca certificate and pu it to

Code

mkdir -p /usr/share/kodi/system/certs/
cp /usr/share/kodi/system/certs/cacert.pem /storage/local/share/ca-certificates/cacert.pem
cat myPrivateCacert.pem >> /storage/local/share/ca-certificates/cacert.pem

My trick ist to use an own addon script to set the environment variable.

Code

mkdir -p /storage/.kodi/addons/aaa.env/profile.d
echo "export SSL_CERT_FILE='/storage/local/share/ca-certificates/cacert.pem' \nexport CURLOPT_CAINFO=SSL_CERT_FILE \nexport REQUESTS_CA_BUNDLE=$SSL_CERT_FILE" >/storage/.kodi/addons/aaa.env/profile.d/env.profile
reboot

**chewitt** · November 20, 2023 at 11:10 AM

All you need to do is put your own certs in /storage/.config/cacert.pem and reboot. On restart ssl-config.service appends that content to the default cacert.pem file when creating /run/libreelec/cacert.pem which is the symlink target for /etc/ssl/cacert.pem.

**chewitt** · November 20, 2023 at 4:55 PM

New wiki article to cover this topic: https://wiki.libreelec.tv/configuration/ssl-tls-certificates

Solution: Get own Cacert working for all

Similar Threads

OLEDproc add-on

USB DAC with 5.1 output, no sound out of Center and LFE outputs