Bug 665

Summary: Cacert root cert not included and trusted by default in various www browser (firefox/konqueror/rekonq/epiphany)
Product: Mageia Reporter: Raphael Gertz <mageia>
Component: RPM PackagesAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED OLD QA Contact:
Severity: normal    
Priority: Normal CC: balcaen.john, marja11, stormi-mageia
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: nss CVE:
Status comment:

Description Raphael Gertz 2011-04-06 17:31:43 CEST 
Description of problem:
The cacert root cert is not enabled and trusted by default in browsers.

Debian activated it by default and it would be great to stop needing pay a certificate and confirm the annoyings warnings ;)

Version-Release number of selected component (if applicable):
mageia-beta1-x86_64

How reproducible:
Alway

Steps to Reproduce:
1. Install
2. Open a browser
3. Go on a https website with a cacert ssl certificate like https://aoihime.eu/


Reproducible: 

Steps to Reproduce:
Comment 1 Samuel Verschelde 2011-10-01 00:49:14 CEST 
confirming
Comment 2 Samuel Verschelde 2011-10-01 00:50:59 CEST 
(confirming for konqueror only, firefox is ok)

CC: (none) => stormi

Samuel Verschelde 2011-10-01 00:51:29 CEST

Summary: Cacert root cert not included and trusted by default in konqueror/firefox => Cacert root cert not included and trusted by default in konqueror

Comment 3 Manuel Hiebel 2011-10-01 00:55:11 CEST 
And epiphany too

Assignee: bugsquad => balcaen.john
Source RPM: nss-3.12.9-1.mga1.src.rpm => kdebase4

Comment 4 John Balcaen 2011-10-01 03:50:55 CEST 
I can confirm on firefox 7 and rekonq so i doubt kde is in cause here

CC: (none) => balcaen.john
Hardware: i586 => All
Assignee: balcaen.john => bugsquad
Summary: Cacert root cert not included and trusted by default in konqueror => Cacert root cert not included and trusted by default in various www browser (firefox/konqueror/rekonq/epiphany)
Source RPM: kdebase4 => (none)

Manuel Hiebel 2011-10-30 02:52:48 CET

Source RPM: (none) => nss

Comment 5 Marja Van Waes 2011-12-23 15:31:27 CET 
When I go to https://aoihime.eu/ , the certificate isn't trusted by FF8 nor by FF9, nor by Chromium 

Chromium says:
"...You attempted to reach aoihime.eu, but instead you actually reached a server identifying itself as start.ovh.net.................You should not proceed"

And now when looking again in FF, I see:
"Certificate belongs to a different site, which could indicate an identity theft"

No wonder, it was issued by OVH Secure Certification Authority,  but instead of being issued to aoihime.eu, it was issued to start.ovh.net

So at the moment, there is nothing wrong with the browsers even though there may have been something wrong before.

Closing as old, feel free to reopen when you find a website where no error was made with the certificate and the browsers still refuse to accept.


(BTW, how can you see an OVH certificate is a CAcert certificate?
By the line "AddTrust External CA Root" in the Certificate Hierarchy?)

Status: NEW => RESOLVED
CC: (none) => marja11
Resolution: (none) => OLD