Where debating everything under the sun is only the beginning

All https pages are insecure after installation of private certificate

2017-11-22, 10:32:54

Recently I tried to configure my computer to mount an NFS share (more or less without success). One of the steps was to install a pem-certificate from my employer for use with ldaps requests. In order to get it work I tried different things, like running the c_rehash command for installing the certificate system-wide.
Now, since this time Otter tells me at each https site that the owner of ... has configured their page improperly, which is not true. Firefox does not complain on these pages. Is there any idea how to undo this? Yes, this is a classical case of root not knowing what he does.

Re: All https pages are insecure after installation of private certificate

Reply #1 – 2017-11-23, 17:29:44

@Oller, could you please copy the exact error message?

Re: All https pages are insecure after installation of private certificate

Reply #2 – 2017-11-24, 13:42:35

Of course. So in English the error page would be, for this forum:
The owner of thedndsanctuary.eu has configured their page improperly. To protect your information from being stolen, connection to this website was aborted.

Re: All https pages are insecure after installation of private certificate

Reply #3 – 2017-11-24, 15:21:58

@Oller, any extra details under Advanced?

Re: All https pages are insecure after installation of private certificate

Reply #4 – 2017-11-24, 16:18:20

I cannot find that string in the linguist, so I translate myself to English:
The certificate of the issuer of a locally found certificate could not be found.

Re: All https pages are insecure after installation of private certificate

Reply #5 – 2017-11-24, 16:21:50

And meanwhile I removed the questionable certificate from the directory for private certificates, but Otter still tells the same.

Re: All https pages are insecure after installation of private certificate

Reply #6 – 2017-11-26, 14:04:52

Firefox may be using bundled certificates or load them from a different path. Path from where Qt tries to load CA certificates depends on OS that you are using. Maybe file or directory permissions were screwed or some symlink stopped working

Re: All https pages are insecure after installation of private certificate

Reply #7 – 2017-11-26, 18:53:30

If you are on Linux, you can probably identify what is broken by using strace -e trace=file. Before first TLS connection Qt tries to open system CA certificates in their typical locations, and in strace log you will see which exact paths lead to which errors.

Re: All https pages are insecure after installation of private certificate

Reply #8 – 2017-11-28, 17:50:15

Okay, from strace I did not find exactly the error, but I found that files in /etc/pki/tls are being read. For this reason I simply copied this directory from my home computer, where https works fine, to my office computer. And that solved the problem. So from now on I make backups of /etc.

Many thanks for the answer and good luck for your projects!