Active Topics

 


Reply
Thread Tools
chrischras is offline chrischras
2015-01-18 , 13:05
Posts: 29 | Thanked: 19 times | Joined on Feb 2010 @ Germany, Wolfenbuettel
#1
Hej together,

i have a problem with this cacert.org-verified site:
https://blog.fefe.de

microb tells in Details:
Titel: Seiten-Ladefehler
Groesse: unbekannt
Typ: application/xhtml+xml
Adresse: https://blog.fefe.de
Sicherheit: keine sichere Seite
Verifikation: Website-Identitaet nicht ueberprueft
Could someone please verify that this web-side doesn't load in microb ?

In Fennec it also doesn't work. Error:
This web site does not supply identity information. Not encrypted.
I've downloaded and installed in certificate-store the certificates from cacert.org ( https://www.cacert.org/certs/root.der and https://www.cacert.org/certs/class3.der). But it seems they were not used.

wget to the url mentionend above show:

Code:
wget -v https://blog.fefe.de
--13:36:42-- http://blog.fefe.de/
            => 'index.html'
Auflösen  des Hostname >>blog.fefe.de<< ..... 31.15.64.162, 2001:4d88:3508::fefe:b106
Verbindungsaufbau zu blog.fefe.de|31.15.64.162, :443... verbunden
Es ist nicht moeglich, eine SSL-Verbindung herzustellen.
Any idea how to test it?

I've attached the cert (ptrace.fefe.de(.txt <- remove)) of this site and a screenshot of infos from iceweasel which could open this site with https on my computer.

with regards,
Christian
Attached Images
 
Attached Files
File Type: txt ptrace.fefe.de.txt (3.4 KB, 100 views)
 

The Following 2 Users Say Thank You to chrischras For This Useful Post:
Feathers McGraw's Avatar
Feathers McGraw is offline Feathers McGraw
2015-01-18 , 14:15
Posts: 654 | Thanked: 2,368 times | Joined on Jul 2014 @ UK
#2
Hi!

I've used cacert before, but never on maemo (i'm new). Since the filesystem structure is different, I had to do a bit of digging but i think this will work...

This is taken from a tutorial I wrote for raspberry pi/ubuntu. I'd post a link too but i'm not sure if that's considered impolite here or not (is it?).

If you look in your certs directory (ls -l /etc/ssl/certs) you will see that all of the certs have sensible certificate names like GeoTrust_Global_CA.pem, but there are also a load of symbolic links with names like 2c543cd1.0 that point to the certificate files with the human readable names.

Those symlink names like 2c543cd1.0 are hashes of the certificate files, and are there to enable programs on your computer to quickly check whether the root certificate is in your computer's certificate directory or not. Some programs manage to recognise that the certificate is installed just fine without the symlinks, but some of them do not. Openssl is one of the ones that doesn't.

So, we need to make use of one more command to create a symlink for the newly installed cacert-root.crt (this will also refresh the symlinks for the rest of the certs in the folder):

Code:
sudo c_rehash /etc/ssl/certs
In maemo, it appears these certs are installed in a different directory, so the modified command to re-hash your certificates is:

Code:
# c_rehash /etc/certs/common-ca/
c_rehash is part of the openssl package.

I've tested the command on maemo and it works, but i haven't installed the cacert root so i can't do a full test to see if it sorts out microb.

HTH!
Last edited by Feathers McGraw; 2015-01-18 at 14:17. Reason: fixed tags
 

The Following User Says Thank You to Feathers McGraw For This Useful Post:
Reply

« Previous Thread | Next Thread »

 
Forum Jump


All times are GMT. The time now is 18:10.

Contact Us - Home - Archive - Top