Bug 665 - Cacert root cert not included and trusted by default in various www browser (firefox/konqueror/rekonq/epiphany)
Summary: Cacert root cert not included and trusted by default in various www browser (...
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-04-06 17:31 CEST by Raphael Gertz
Modified: 2011-12-23 15:31 CET (History)
3 users (show)

See Also:
Source RPM: nss
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Raphael Gertz 2011-04-06 17:31:43 CEST 
Description of problem:
The cacert root cert is not enabled and trusted by default in browsers.

Debian activated it by default and it would be great to stop needing pay a certificate and confirm the annoyings warnings ;)

Version-Release number of selected component (if applicable):
mageia-beta1-x86_64

How reproducible:
Alway

Steps to Reproduce:
1. Install
2. Open a browser
3. Go on a https website with a cacert ssl certificate like https://aoihime.eu/


Reproducible: 

Steps to Reproduce:
Comment 1 Samuel Verschelde 2011-10-01 00:49:14 CEST 
confirming
Comment 2 Samuel Verschelde 2011-10-01 00:50:59 CEST 
(confirming for konqueror only, firefox is ok)

CC: (none) => stormi

Samuel Verschelde 2011-10-01 00:51:29 CEST

Summary: Cacert root cert not included and trusted by default in konqueror/firefox => Cacert root cert not included and trusted by default in konqueror

Comment 3 Manuel Hiebel 2011-10-01 00:55:11 CEST 
And epiphany too

Assignee: bugsquad => balcaen.john
Source RPM: nss-3.12.9-1.mga1.src.rpm => kdebase4

Comment 4 John Balcaen 2011-10-01 03:50:55 CEST 
I can confirm on firefox 7 and rekonq so i doubt kde is in cause here

CC: (none) => balcaen.john
Hardware: i586 => All
Assignee: balcaen.john => bugsquad
Summary: Cacert root cert not included and trusted by default in konqueror => Cacert root cert not included and trusted by default in various www browser (firefox/konqueror/rekonq/epiphany)
Source RPM: kdebase4 => (none)

Manuel Hiebel 2011-10-30 02:52:48 CET

Source RPM: (none) => nss

Comment 5 Marja Van Waes 2011-12-23 15:31:27 CET 
When I go to https://aoihime.eu/ , the certificate isn't trusted by FF8 nor by FF9, nor by Chromium 

Chromium says:
"...You attempted to reach aoihime.eu, but instead you actually reached a server identifying itself as start.ovh.net.................You should not proceed"

And now when looking again in FF, I see:
"Certificate belongs to a different site, which could indicate an identity theft"

No wonder, it was issued by OVH Secure Certification Authority,  but instead of being issued to aoihime.eu, it was issued to start.ovh.net

So at the moment, there is nothing wrong with the browsers even though there may have been something wrong before.

Closing as old, feel free to reopen when you find a website where no error was made with the certificate and the browsers still refuse to accept.


(BTW, how can you see an OVH certificate is a CAcert certificate?
By the line "AddTrust External CA Root" in the Certificate Hierarchy?)

Status: NEW => RESOLVED
CC: (none) => marja11
Resolution: (none) => OLD
Note You need to log in before you can comment on or make changes to this bug.