Sunday, September 10, 2017

Install Internet Rimon Root Certificate on Linux

I had a bit of trouble with this; i decided to post the solution for anyone else.

Internet Rimon is an Israeli ISP for "kosher" (filtered) internet. Because they check each page, they want access to your encrypted pages also. To enable this, you need to install a root certificate from them. (If you don't, you get an invalid certificate error, and pages with HSTS enabled simply won't load.) I know, filtered internet and FLOSS don't usually go together, but sometimes you're not in control...
Apparently it's not too difficult to get around their filtering (use a VPN), but i decided it wasn't worth my while and i'll just play by the rules.

On a "normal" (read: Windows) setup, you go to their certificate download page and choose your browser. There are 4 options: IE, Chrome, Firefox, Safari (Mac only).
I don't know yet that this is specifically set up for Windows. I'm using Chrome, so i pick Chrome.

Chrome (and IE) take you to a download for a myca.reg file, which is for modifying the Windows registry, arguably the simplest solution for a non-technical user (3 clicks and you're done). Needless to say, this doesn't work on Linux.

So now i try the Firefox option. The image instructions seem even simpler (on Windows) than for Chrome. Downloading the file gets you a myca.crt file, the actual certificate, which is what you need. It is available at the time of this writing here. Opening the file on my Ubuntu machine brought up a viewer with an option to import, so i clicked, but it didn't work (sites still blocked). It could be i needed a restart; i didn't check (update: didn't work after restart).

To import it into Chrome, open settings, scroll to Privacy and Security (or search for cert), and click on manage certificates. You will see 4 tabs: Your Certificates, Servers, Authorities, and Others. There is an import button in the middle of the screen. Don't click it. I tried this at first and came up with a missing private key error.
Go to the Authorities tab and import from there. You'll need to check at least the first box (Trust this certificate for identifying websites); i didn't bother with the rest. The CA name is Netspark. You are now good to go.

For Firefox, open preferences, go to the advanced tab, then certificates. Choose the authorities tab and import. Same instructions as for Chrome.

Note that this does not install it as a root certificate on the computer, so other programs (e.g. command line) trying to access secure sites won't work.
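
One way to cover the system-wide case on Debian/Ubuntu, as an added example that is not part of the original post: the script checks that the downloaded file really is a CA certificate and that it matches a SHA-256 fingerprint you obtained separately, then adds it to the OS trust store. It assumes `myca.crt` is PEM-encoded; the file name `rimon-netspark` is a constructed name.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: myca.crt is PEM-encoded,
# the host is Debian/Ubuntu, and "rimon-netspark" is a constructed file name.

# Normalise a fingerprint: strip colons/spaces, upper-case the hex digits.
norm_fp() { printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F'; }

# Print the SHA-256 fingerprint of certificate file $1 as bare hex.
cert_sha256() {
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 1
    norm_fp "${fp#*=}"
}

# Succeed only if $1 is a certificate whose basicConstraints say CA:TRUE.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# Succeed only if $1 hashes to the fingerprint $2 obtained out of band.
fingerprint_matches() {
    [ -n "$2" ] && [ "$(cert_sha256 "$1")" = "$(norm_fp "$2")" ]
}

# Check $1 against fingerprint $2, then write it to $3/$4.crt as PEM.
# update-ca-certificates only picks up files ending in .crt.
stage_cert() {
    is_ca_cert "$1" || { echo "refusing: not a CA certificate" >&2; return 1; }
    fingerprint_matches "$1" "$2" || { echo "refusing: fingerprint mismatch" >&2; return 1; }
    openssl x509 -in "$1" -outform PEM -out "$3/$4.crt"
}

# System-wide install: affects curl, wget, git and other tools using the OS trust store.
install_system_wide() {   # install_system_wide myca.crt EXPECTED_SHA256
    tmp=$(mktemp -d) || return 1
    stage_cert "$1" "$2" "$tmp" rimon-netspark &&
        sudo install -m 0644 "$tmp/rimon-netspark.crt" /usr/local/share/ca-certificates/ &&
        sudo update-ca-certificates
    rc=$?; rm -rf "$tmp"; return "$rc"
}

# Removal: delete the file and rebuild the store from scratch.
remove_system_wide() {
    sudo rm -f /usr/local/share/ca-certificates/rimon-netspark.crt &&
        sudo update-ca-certificates --fresh
}

# Usage: sh this-script.sh myca.crt EXPECTED_SHA256
if [ "$#" -eq 2 ]; then install_system_wide "$1" "$2"; fi
```

The browsers keep their own certificate stores, so the import steps above are still needed for Chrome and Firefox.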

For completeness, the Safari option downloads a .dmg file, which probably (i haven't tested) applies system-wide and will work on Mac no matter what browser you're using.