Skip to main content

Topic: All https pages are insecure after installation of private certificate (Read 361 times)

  • Oller
  • [*]
All https pages are insecure after installation of private certificate
Recently I tried to configure my computer to mount an NFS share (more or less without success). One of the steps was to install a pem-certificate from my employer for use with ldaps requests. In order to get it work I tried different things, like running the c_rehash command for installing the certificate system-wide.
Now, since this time Otter tells me at each https site that the owner of ... has configured their page improperly, which is not true. Firefox does not complain on these pages. Is there any idea how to undo this? Yes, this is a classical case of root not knowing what he does.

  • Emdek
  • [*][*][*][*][*]
  • Moderator
Re: All https pages are insecure after installation of private certificate
Reply #1
@Oller, could you please copy the exact error message?
Nadszedł już czas, najwyższy czas, nienawiść zniszczyć w sobie.
The time has come, the high time, to destroy hatred in oneself.

  • Oller
  • [*]
Re: All https pages are insecure after installation of private certificate
Reply #2
Of course. So in English the error page would be, for this forum:
The owner of thedndsanctuary.eu has configured their page improperly. To protect your information from being stolen, connection to this website was aborted.

  • Emdek
  • [*][*][*][*][*]
  • Moderator
Re: All https pages are insecure after installation of private certificate
Reply #3
@Oller, any extra details under Advanced?
Nadszedł już czas, najwyższy czas, nienawiść zniszczyć w sobie.
The time has come, the high time, to destroy hatred in oneself.

  • Oller
  • [*]
Re: All https pages are insecure after installation of private certificate
Reply #4
I cannot find that string in the linguist, so I translate myself to English:
The certificate of the issuer of a locally found certificate could not be found.

  • Oller
  • [*]
Re: All https pages are insecure after installation of private certificate
Reply #5
And meanwhile I removed the questionable certificate from the directory for private certificates, but Otter still tells the same.

  • annulen
  • [*]
Re: All https pages are insecure after installation of private certificate
Reply #6
Firefox may be using bundled certificates or load them from a different path. Path from where Qt tries to load CA certificates depends on OS that you are using. Maybe file or directory permissions were screwed or some symlink stopped working

  • annulen
  • [*]
Re: All https pages are insecure after installation of private certificate
Reply #7
If you are on Linux, you can probably identify what is broken by using strace -e trace=file. Before first TLS connection Qt tries to open system CA certificates in their typical locations, and in strace log you will see which exact paths lead to which errors.

  • Oller
  • [*]
Re: All https pages are insecure after installation of private certificate
Reply #8
Okay, from strace I did not find exactly the error, but I found that files in /etc/pki/tls are being read. For this reason I simply copied this directory from my home computer, where https works fine, to my office computer. And that solved the problem. So from now on I make backups of /etc.

Many thanks for the answer and good luck for your projects!