2

We've got some Pis at work that just display some dashboard stats on some TVs on the main office floor.

The dashboard runs on our own internal self-hosted intranet site that the Pis are supposed to access with Chromium. They automatically open the web page in kiosk mode on boot (and should never really reboot but twice a month for updates).

However, we're running into an issue where we get the ERR:NET_CER_INVALID error in Chromium, it seems we have to import our self-hosted CA certs, which I seem to be able to do following this post:

Entrusted Certificates installation

I export the certs from our intranet site with Chrome and then import them onto the Pis.

After following this process, the certs appear to work and the site loads, but if the Pi ever reboots then it loses the certs and we have to do the import process over again.

Does anyone know why this might be happening? We do have a kiosk.sh script that runs at boot, but it basically just tells Chromium to run and that's really it, there's nothing in there that should have anything to do with certs.

I also tried just setting Chromium's security mode to No Protection so that it wouldn't even check for certs, but this too resets after reboot.

  • Is there something about Raspbian that causes CA Certs and Settings to revert after a reboot?
  • Is there a step I'm missing? I'm generally pretty familiar with Ubuntu and Arch Linux but I've never used Raspbian before.
Rohit Gupta
  • 281
  • 2
  • 4
  • 11
Abdul-Hakeem
  • 21
  • 1
  • I sometimes bring my raspberry pi 4B to my school, and when I plug it into my raspberry pi, I notice it gets the same issue with it saying NET_CER_INVALID. I also think Chromium is resetting every time it closes. I'm not fully sure how to fix it yet, but I'll research it. – LilData777 Feb 28 '23 at 20:36
  • Which version of Raspberry Pi OS are you using? Have you made any significant changes to the standard install? it's almost as if your root filesystem is in RAM so any changes you make to the filesystem naturally don't survive a reboot - e.g. have you enabled Overlay Filesystem in raspi-config – Jaromanda X Mar 01 '23 at 00:13
  • The only thing that causes changes to revert after reboot is a read-only filesystem. Test for that by creating /home/pi/test then reboot and check for existence. If the system is ro that can be due to a worn out SDCard. – Dougie Mar 01 '23 at 09:27
  • @JaromandaX whatever the latest version is, installed from the official Imager app. Installed the Lite version, not sure if file system was ever expanded or not. Overlay Filesystem is currently showing as disabled in raspi-config. Maybe that's the problem? – Abdul-Hakeem Mar 02 '23 at 22:06
  • @Dougie tested this and files here do persist after reboot. I wonder if I'm importing the CA Certs wrong. – Abdul-Hakeem Mar 02 '23 at 22:06

0 Answers0