Invalid SSL certificates

dlmalloc · n00b Joined: 21 Jun 2009 Posts: 40 Location: UK

The Gentoo forums have invalid SSL certificates, which is annoying for those of us that browse https and constantly have to manually accept the certs.

Surely this is a problem that can be fixed?

This goes for the rest of *.gentoo.org too.
_________________
$ ./lurk;

dlmalloc@irc.freenode.net

NeddySeagoon · Posted: Fri Apr 29, 2011 5:33 pm Post subject:

dlmalloc,

They are not invalid.

Gentoo uses CACert as the certificate authority. Unfortunately, the CACert root certificate is not distributed with browsers.
You need to manually add the CACert Root Certificate to your browser(s). Only ff you trust it of course.

Have you verified all the pre installed certificates ?
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

aidanjt · Posted: Fri Apr 29, 2011 5:40 pm Post subject:

Yeah I've been meaning to raise this point, why doesn't Gentoo add CAcert to the system CA list?
_________________

dlmalloc · n00b Joined: 21 Jun 2009 Posts: 40 Location: UK

Ah fantastic! :)

Though I agree with AidanJT, why not include CACert?
_________________
$ ./lurk;

dlmalloc@irc.freenode.net

NeddySeagoon · Posted: Fri Apr 29, 2011 7:49 pm Post subject:

Gentoo has a policy of sticking as close to upstream as possible.
I suppose it could be an ebuild ...
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

aidanjt · Posted: Fri Apr 29, 2011 7:57 pm Post subject:

Amity88 · Posted: Tue Aug 02, 2011 3:53 pm Post subject:

This topic just opened my eyes to something related.... how do I verify the ssl certificates preinstalled on the system? I just attempted to check gmail's certificate fingerprint, I can view the local sha fingerprint... but what do I compare it against, googling didn't yield any results
_________________