diff --git a/modules/hic-tre-cert.ps1 b/modules/hic-tre-cert.ps1
index 6ceb0e5..7fff012 100644
--- a/modules/hic-tre-cert.ps1
+++ b/modules/hic-tre-cert.ps1
@@ -39,7 +39,38 @@ zvyXRCnDutC2I48pjubDIKtp2crIOMdsmtBVCQq6gX1Sl/4z4E6BXEWkfVcSBk+O
 05i6skiAX2QQcqX+EC/9HQ8UEjKIGeXyR2SxAiACx+1ckj9MHG8nytRAJQ2glmLs
 ws7bgq7KAqJqvvPyVIeOW0hx4AX+5Q==
 -----END CERTIFICATE-----
-"@ | Out-File -FilePath C:\Tools\hic-tre.dundee.ac.uk.crt
+"@ | Out-File -Encoding ASCII -FilePath C:\Tools\hic-tre.dundee.ac.uk.crt
 Get-Item C:\Tools\hic-tre.dundee.ac.uk.crt | `
 Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root
+
+
+# Firefox doesn't use the system certificates by default, but a policy
+# can be used to force the installation of the certificate at the next
+# run.
+New-Item -Path "C:\Program Files\Mozilla Firefox\" -Name distribution -ItemType Directory -Force
+@"
+{
+ "policies": {
+ "Certificates": {
+ "Install": ["C:\\Tools\\hic-tre.dundee.ac.uk.crt"]
+ }
+ }
+}
+"@ | Out-File -Encoding ASCII -FilePath "C:\Program Files\Mozilla Firefox\distribution\policies.json"
+
+# This covers both conda and CRAN, but it also overrides their own
+# provided CA chain files. That's probably ok given we don't allow
+# access to the internet.
+[Environment]::SetEnvironmentVariable(
+ "SSL_CERT_FILE",
+ "C:\Tools\hic-tre.dundee.ac.uk.crt",
+ [System.EnvironmentVariableTarget]::User)
+[Environment]::SetEnvironmentVariable(
+ "REQUESTS_CA_BUNDLE",
+ "C:\Tools\hic-tre.dundee.ac.uk.crt",
+ [System.EnvironmentVariableTarget]::User)
+[Environment]::SetEnvironmentVariable(
+ "CURL_CA_BUNDLE",
+ "C:\Tools\hic-tre.dundee.ac.uk.crt",
+ [System.EnvironmentVariableTarget]::User)
diff --git a/modules/hic-tre-cert.sh b/modules/hic-tre-cert.sh
index e495ea8..0cbf891 100644
--- a/modules/hic-tre-cert.sh
+++ b/modules/hic-tre-cert.sh
@@ -60,3 +60,15 @@ sudo tee /etc/firefox/policies/policies.json <
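Review bot: In `modules/hic-tre-cert.ps1`, the file `C:\Tools\hic-tre.dundee.ac.uk.crt` becomes a trust anchor for Firefox (through `Certificates.Install`) and for every tool that reads `SSL_CERT_FILE`, `REQUESTS_CA_BUNDLE` or `CURL_CA_BUNDLE`, yet nothing in this hunk restricts who can overwrite it. Folders created directly under `C:\` typically inherit modify rights for ordinary authenticated users, so unless `C:\Tools` is locked down elsewhere, a non-admin account could replace the file and Firefox would install whatever CA it then contains on the next start. It is worth confirming that ACL, or restricting writes to administrators before the `Out-File`, and adding a comment such as `# C:\Tools must be admin-writable only: this file is a CA trust anchor`. Separately, the three variables are set with `[System.EnvironmentVariableTarget]::User`, which affects only the account that runs this script, while the import targets `Cert:\LocalMachine\Root`. If the module runs under a provisioning account, `[System.EnvironmentVariableTarget]::Machine` is probably what is intended.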