Adding a new CA for WebDAV to Zotero Standalone

There are instructions [1] to force Zotero Standalone to ignore certificate validation errors. This is good enough for self-signed certificates, but if you have a signed certificate from a CA that Zotero doesn't recognize, you can do better.

You will need certutil from the Mozilla NSS tools and a copy of your issuer's CA certificate. In Debian, you can find certutil in the libnss3-tools package.

The certificate is then installed with this command:
`certutil -d <profile dir> -A -n <name> -i <cacert> -t "C,,"`

<profile dir> is the directory of your Zotero Standalone profile (mine is ~/.zotero/zotero/<random junk>.default).
<name> is a user-friendly name to call it.
<cacert> is the path to the CA certificate file.
"C,," tells NSS to trust the server certificates issued by the CA.

If your CA requires any intermediate certificates, you'll need to modify the trust parameters and add the intermediate authorities. See the details on using certutil to manage certificates at [2].

[1] - http://www.zotero.org/support/kb/cert_override
[2] - http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
  • Thanks a LOT! I can confirm that it worked perfectly for me too.

    As I was running Zotero on Windows, I made a copy of the profile folder to a Debian box, followed the instructions and moved the resulting profile folder back to Windows. It worked perfectly!
  • Awesome. +1 Might need to add this to the wiki.

    As of Nov 17th on OS X you can use brew to install nss!
    `brew install nss`

    Also, the nickname needs to be surrounded by quotes.
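
The import from the original post as a script that also backs up the certificate database and lists the stored entry afterwards. This is an added example, not part of the thread: the function names are hypothetical, and the `sql:`/`dbm:` prefix selection goes beyond the command shown above and assumes an NSS build that can still read the legacy cert8.db format.

```bash
#!/usr/bin/env bash
# Added example; function names are this example's own, not Zotero's or NSS's.

# Print the first *.default profile directory under a Zotero base directory.
find_profile() {
    local base="$1" dir
    for dir in "$base"/*.default; do
        if [ -d "$dir" ]; then printf '%s\n' "$dir"; return 0; fi
    done
    echo "no *.default profile under $base" >&2
    return 1
}

# Print the certutil -d argument for a profile: the "sql:" prefix selects
# cert9.db, "dbm:" the legacy cert8.db (assumes NSS can still read dbm).
nss_db_spec() {
    local profile="$1"
    if [ -f "$profile/cert9.db" ]; then printf 'sql:%s\n' "$profile"
    elif [ -f "$profile/cert8.db" ]; then printf 'dbm:%s\n' "$profile"
    else echo "no NSS certificate database in $profile" >&2; return 1
    fi
}

# Import <cacert> as <name> with trust "C,,", then show what NSS stored.
import_ca() {
    local profile="$1" name="$2" cacert="$3" db f
    db="$(nss_db_spec "$profile")" || return 1
    if [ ! -r "$cacert" ]; then echo "cannot read $cacert" >&2; return 1; fi
    # Keep a copy of the certificate database so the change can be undone.
    for f in "$profile"/cert[89].db; do cp -p "$f" "$f.bak" || return 1; done
    # Quote the nickname: it may contain spaces.
    certutil -d "$db" -A -n "$name" -i "$cacert" -t "C,," || return 1
    # The trust column for the new nickname should read C,, ; a missing
    # entry makes grep (and this function) return non-zero.
    certutil -d "$db" -L | grep -F -- "$name"
}

# Usage: script <zotero base dir, e.g. ~/.zotero/zotero> <name> <cacert>
if [ "$#" -eq 3 ]; then
    import_ca "$(find_profile "$1")" "$2" "$3"
fi
```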