Active Topics
-
Sailfish OS for the Motorola Moto G7 Power (XT1955-5) - (ocean) (3)
to SailfishOS by edp17 - 7 hrs, 26 mins ago -
The N900 is now 15 years old! (6)
to Nokia N900 by Macros - 1 day, 11 hrs ago -
F(x)tec Pro1x (QWERTY) for sale (0)
to Buy & Sell by aln00000 - 2 days ago -
n770 youtube video (0)
to General by nmdv - 5 days, 23 hrs ago - more...
vinc17 |
2011-08-31
, 12:55
|
|
Posts: 227 |
Thanked: 53 times |
Joined on Feb 2008
@ Lyon, France
|
#11
|
Originally Posted by vinc17
Problem solved. It was due to the fact I removed the certificate manually (something that should be allowed since this is a conffile!). I reinstalled the certificate by purging maemosec-certman-common-ca and reinstalling it (together with as-daemon-0, which was removed at the same time).
|
|
2011-08-31
, 13:07
|
|
Posts: 3,617 |
Thanked: 2,412 times |
Joined on Nov 2009
@ Cambridge, UK
|
#12
|
Originally Posted by vinc17
Looks like the correct process (works for me anyway) is to remove the certificate from the Root CA store by doing (as root):
Problem solved. It was due to the fact I removed the certificate manually (something that should be allowed since this is a conffile!). I reinstalled the certificate by purging maemosec-certman-common-ca and reinstalling it (together with as-daemon-0, which was removed at the same time).
Code:
cmcli -c common-ca -r 8868bfe08e35c43b386b62f7283b8481c80cd74d
Code:
cmcli -T common-ca -L | grep DigiNotar
|
|
2011-08-31
, 13:19
|
|
Posts: 1,808 |
Thanked: 4,272 times |
Joined on Feb 2011
@ Germany
|
#13
|
Originally Posted by Rob1n
Is there some list with all those chrome:// links for microb?
For microb, just point your browser to chrome://pippki/content/certManager.xul (I've set up a bookmark for this) to get access to the certificate management interface.
I knew about the one for the password manager, and now this one, but I'm wondering if there's anything else that might be interesting?
Add.: I found this URL http://kb.mozillazine.org/Chrome_URLs (not specific to microb, but will try the links)
| The Following User Says Thank You to reinob For This Useful Post: | ||
 |
|
2011-08-31
, 16:11
|
|
Posts: 361 |
Thanked: 219 times |
Joined on Sep 2010
|
#14
|
Originally Posted by PMaff
Nokia support answered that I should
...
Anyway: I contacted a security email address at Nokia, let's see, if they answer.
rm /etc/certs/common-ca/8868* (as root)
and that there will be updates to certificates on Nokia N900.
Support is working on a solution.
I did not check the rm-method.
|
|
2011-08-31
, 16:17
|
|
Posts: 227 |
Thanked: 53 times |
Joined on Feb 2008
@ Lyon, France
|
#15
|
Originally Posted by PMaff
Removing the certificate manually like that seems to have been the cause of the browser crashes with https URL's on my N900. The cmcli solution worked without any problem.
Nokia support answered that I should
rm /etc/certs/common-ca/8868* (as root)
and that there will be updates to certificates on Nokia N900.
|
|
2011-08-31
, 16:47
|
|
Posts: 115 |
Thanked: 342 times |
Joined on Dec 2010
|
#16
|
Yes I also removed yesterday /etc/certs/common-ca/[the cert] and SSL in microb was borked after that. Yet another maemo speciality...
 |
|
2011-08-31
, 22:04
|
|
Posts: 2,222 |
Thanked: 12,651 times |
Joined on Mar 2010
@ SOL 3
|
#17
|
Originally Posted by NIN101
Yet another time community beats Nokia :-D
Yes I also removed yesterday /etc/certs/common-ca/[the cert] and SSL in microb was borked after that. Yet another maemo speciality...
__________________
Maemo Community Council member [2012-10, 2013-05, 2013-11, 2014-06 terms]
Hildon Foundation Council inaugural member.
MCe.V. foundation member
EX Hildon Foundation approved Maemo Administration Coordinator (stepped down due to bullying 2014-04-05)
aka "techstaff" - the guys who keep your infra running - Devotion to Duty http://xkcd.com/705/
IRC(freenode): DocScrutinizer*
First USB hostmode fanatic, father of H-E-N
Maemo Community Council member [2012-10, 2013-05, 2013-11, 2014-06 terms]
Hildon Foundation Council inaugural member.
MCe.V. foundation member
EX Hildon Foundation approved Maemo Administration Coordinator (stepped down due to bullying 2014-04-05)
aka "techstaff" - the guys who keep your infra running - Devotion to Duty http://xkcd.com/705/
IRC(freenode): DocScrutinizer*
First USB hostmode fanatic, father of H-E-N
| The Following User Says Thank You to joerg_rw For This Useful Post: | ||
|
|
2011-09-01
, 06:31
|
|
Posts: 3,074 |
Thanked: 12,960 times |
Joined on Mar 2010
@ Sofia,Bulgaria
|
#18
|
Originally Posted by PMaff
That is why I said to immediately raise a bug, they are obliged to fix security issues (hopefully)
Nokia support answered that I should
rm /etc/certs/common-ca/8868* (as root)
and that there will be updates to certificates on Nokia N900.
Support is working on a solution.
I did not check the rm-method.
| The Following User Says Thank You to freemangordon For This Useful Post: | ||
 |
|
2011-09-01
, 09:04
|
|
Posts: 4,118 |
Thanked: 8,901 times |
Joined on Aug 2010
@ Ruhrgebiet, Germany
|
#19
|
Originally Posted by freemangordon
That is why I said to immediately raise a bug, they are obliged to fix security issues (hopefully)
harhar Thanks for info and how-to.
But another (two) question(s):
1. how to restore the certificate, once its resolved by DigiNotar?
2. as I remember, a few months ago, there has been another certicate issue with I-do-not-remember-anymore. Does anyone remember and knows, if this also affects our microb (surely). Maybe post those issuers also to delete the affected certs also, please???
But then how we may restore the new valid ones (which we get on desktop PC via updates)?
So, how we will be safe in future without updates from Nokia?
Is there a site to check all installed certs against validity/safety?
Regards
P.S: I have added a small script ( far from being dumb-user-safe,. awk/sed and me are not friends yet
) to remove unsafe certificate issuers (making bkp still)
| The Following User Says Thank You to peterleinchen For This Useful Post: | ||
|
|
2011-09-01
, 09:40
|
|
Posts: 3,617 |
Thanked: 2,412 times |
Joined on Nov 2009
@ Cambridge, UK
|
#20
|
Originally Posted by peterleinchen
There's nothing to be resolved. The company is simply too incompetent to run a CA - they had no idea what certificates had been fraudulently issued, and apparently have had sections of their website defaced for several years now.
1. how to restore the certificate, once its resolved by DigiNotar?
Originally Posted by peterleinchen
There was (at least) one other CA hacked recently and some faulty certificates issued, yes. This was spotted within days and all certificates were revoked though, whereas it took DigiNotar several months to spot the hack, and they failed to revoke many of the issued certificates.
2. as I remember, a few months ago, there has been another certicate issue with I-do-not-remember-anymore. Does anyone remember and knows, if this also affects our microb (surely). Maybe post those issuers also to delete the affected certs also, please???
Originally Posted by peterleinchen
The only certificates held on the phone should be the CA certificates (and any you've manually added). These are then used to authenticate any certificates used on websites. The CA certificates will only need updating if the CA becomes untrusted (as DigiNotar has), the certificate expires and a new one needs to be issued (an uncommon occurrence - CA certificates have very long terms), or a new CA needs to be added. The latter two can be done manually though, via the browser.
So, how we will be safe in future without updates from Nokia?
Is there a site to check all installed certs against validity/safety?
| The Following 2 Users Say Thank You to Rob1n For This Useful Post: | ||