* [gentoo-user] Re: Accepting as trusted b.g.o. certificates [was: From where the word 'gentoo' came?]
From: Mick @ 2011-12-23 19:23 UTC
To: gentoo-user
On Thursday 22 Dec 2011 06:26:53 LinuxIsOne wrote:
> On Wed, Dec 21, 2011 at 12:50 PM, Nikos Chantziaras <realnc@arcor.de> wrote:
> > So it's either add cacert.org to your trusted authorities, or live in
> > hell when browsing b.g.o. IMO that's just stupid. I want to trust just
> > b.g.o, not every site out there that has a cacert certificate.
>
> Okay so how do I add only b.g.o of the cacert.org and not others? Can
> you tell me the step by step process?

A browser (e.g. Firefox) will pop up a warning that the particular website
(b.g.o.) certificate or the CA root certificate that has signed the website
certificate is not trusted. Under Technical Details it says:

"sec_error_untrusted_issuer"

So FF does not 'trust' CACert as the issuer of legitimate certificates, because
CACert's root certificate is not stored in FF's list of SSL Certification
Authorities. If you go to Preferences/Advanced/Encryption/View
Certificates/Authorities, you'll see that CACert is not in there.

At that moment you need to click on the relevant buttons of the warning
message and ask the browser to accept the certificate. There should also be
some tick box asking the browser to store the certificate as trusted
permanently.

If you click to add this exception permanently you can click on View to see
the details of the SSL certificate chain. There are 3 certificates in the
bundle:

1. CA Cert Signing Authority
The details tell you that this is the Root CA (self-signed). This is used to
sign the second certificate.

2. CAcert Class 3 Root
The details tell you that this is a Class 3 Root certificate which is used in
turn to sign the b.g.o. website certificate.

3. bugs.gentoo.org
This is the website certificate signed by 2 above.

Now if you click to permanently store the b.g.o. certificate, FF will store not
just certificate number 3, but the complete chain of signatory certificates.
You can examine these if you go to View Certificates and then Servers.

However, this chain of certificates does not implicitly trust certificates 1 and
2 above - unless you import these from the CACert website. In that case they
will show under the tab called Others, because you have imported these
yourself. Having done that, then any website that has a certificate signed by
CACert will be accepted automatically and you won't be warned about the Issuer
not being a Trusted CA.

Not all browsers are the same or choose to behave the same way on this matter,
but these are the basic principles.

--
Regards,
Mick
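
The difference between storing a per-site exception and importing the CA root, as an added example that is not part of the message above. It uses the `openssl` command-line tool on a constructed three-level chain; the hostnames, file names and helper functions are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed stand-ins for the chain in the message: root -> class 3 -> site.
# Every name, hostname and file below is made up for this demonstration.

build() {  # build DIR: create a root, a class 3 CA and two site certificates
  d=$1
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' '[dn]' \
    '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
    '[leaf]' 'basicConstraints=critical,CA:FALSE' > "$d/x.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -config "$d/x.cnf" -days 30 \
    -subj "/CN=Example Root CA" -keyout "$d/root.key" -out "$d/root.pem" \
    2>/dev/null || return 1
  # Last step models the user storing a permanent exception for one site only.
  issue "$d" class3 "Example Class 3 Root" root v3_ca &&
  issue "$d" bugs "bugs.example.test" class3 leaf &&
  issue "$d" other "other.example.test" class3 leaf &&
  echo "bugs.example.test $(fingerprint "$d/bugs.pem")" > "$d/exceptions"
}

issue() {  # issue DIR NAME CN ISSUER SECTION: sign NAME with ISSUER's key
  openssl req -new -newkey rsa:2048 -nodes -config "$1/x.cnf" -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -days 30 -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -CAcreateserial -extfile "$1/x.cnf" -extensions "$5" -out "$1/$2.pem" 2>/dev/null
}

fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# Per-site exception: accept only the exact (host, certificate) pair stored.
exception_ok() { grep -qxF "$1 $(fingerprint "$2")" "$3"; }  # HOST CERT STORE

# CA trust: accept anything that chains to an imported root (ROOT is optional).
ca_ok() {  # ca_ok CERT INTERMEDIATE [ROOT]
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1
  else
    openssl verify -no-CAfile -no-CApath -untrusted "$2" "$1" >/dev/null 2>&1
  fi
}

verdict() { if "$@"; then echo accepted; else echo rejected; fi; }

D=$(mktemp -d) && build "$D" && {
  echo "bugs site, stored exception:  $(verdict exception_ok bugs.example.test "$D/bugs.pem" "$D/exceptions")"
  echo "other site, stored exception: $(verdict exception_ok other.example.test "$D/other.pem" "$D/exceptions")"
  echo "other site, no root imported: $(verdict ca_ok "$D/other.pem" "$D/class3.pem")"
  echo "other site, root imported:    $(verdict ca_ok "$D/other.pem" "$D/class3.pem" "$D/root.pem")"
}
```

The second site is rejected in both of the first two modes and is accepted only once the root is imported, which is the widening of trust the thread is asking how to avoid.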
2011-12-20 17:31 [gentoo-user] From where the word 'gentoo' came? LinuxIsOne
2011-12-21 17:50 ` [gentoo-user] " Nikos Chantziaras
2011-12-22 6:26 ` LinuxIsOne
2011-12-23 19:23 99% ` [gentoo-user] Re: Accepting as trusted b.g.o. certificates [was: From where the word 'gentoo' came?] Mick