Bug 1528 - Cannot add a trusted certificate to Web Browser
: Cannot add a trusted certificate to Web Browser
Status: RESOLVED FIXED
Product: Browser
MicroB engine
: 4.1.3 (5.2008.43-7)
: All Maemo
: Low normal (vote)
: 5.0 (1.2009.41-10)
Assigned To: Juhani Mäkelä
: microb-bugs
: http://netreg.snc.edu/cert/
:
:
:
  Show dependency tree
 
Reported: 2007-06-10 22:06 UTC by Ryan Pavlik
Modified: 2009-09-21 13:23 UTC (History)
7 users (show)

See Also:


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description Ryan Pavlik (reporter) 2007-06-10 22:06:32 UTC
It seems as though there is no way to add a certificate as trusted "against
Opera's will" even if one has a reason for doing so (employer/school has own
root CA, etc).  For example, I would like to add the SNC root certificate from
http://www.snc.edu/compserv/handouts/rootcert.htm but it just downloads the
file, and the seemingly-unrelated Certificate Manager in the control panel
doesn't do anything with that file.

Is this related to bug #1268?
Comment 1 timeless 2007-08-06 17:02:13 UTC
The certificate manager is theoretically integrated with the installed browser.
However, in my experience, most certificates people try to use don't work. Half
the time the problem is with the certificate (most certificates floating around
aren't valid), and half the time, certman is just broken.
Comment 2 Andre Klapper maemo.org 2008-09-25 18:56:20 UTC
Ryan, I'd love to test this against MicroB again before closing as WONTFIX 
(because Opera is no longer used in Diablo and there will be no changes to the
package.) but the URL doesn't work anymore.

Is this still an issue in Diablo, or can you provide an updated URL so I can
test myself? Thanks.
Comment 3 Ryan Pavlik (reporter) 2008-09-25 19:32:31 UTC
Here's the new link.
Comment 4 timeless 2008-09-25 21:22:21 UTC
we're going to replace certman with a pkcs11 module for fremantle, at this time
afaict installing a certificate requires certutil or just copying your certdb
from firefox.

for testing:
1. load http://www.cacert.org/index.php?id=3
2. click Password Login <https://www.cacert.org/index.php?id=4>
3. click cancel in the alert dialog (or in firefox, go back)
4. click Intermediate Certificate (PEM Format)
<http://www.cacert.org/certs/class3.crt>
- in firefox, you're prompted to install the certificate, in microb diablo we
seem to do nothing (you don't want to know the story behind this, it's much
better than what we did earlier) - for consistency, in firefox, click cancel
5. click Intermediate Certificate (DER Format)
<http://www.cacert.org/certs/class3.der>
- in firefox, you're asked what to do w/ the file (nss is apparently not
registered for DER)
- in microb, you're asked if you want to install it w/ certman
6. install it w/ certman
7. if you're in firefox, go back and install the pem
8. in either case, trust for web sites
9. try the password login link from 2 again
- in firefox it works, in microb it doesn't.

anyway, there's a project, I saw the pkcs11 module yesterday and it was
basically working. i don't know if we'll try to backport it.
Comment 5 Roberto Resoli 2008-09-30 22:18:26 UTC
(In reply to comment #4)
...
> for testing:
> 1. load http://www.cacert.org/index.php?id=3

cacert site certificate section is down at the moment; I can provide an
alternate site:

https://webapps.comune.trento.it

and root certificate

https://webapps.comune.trento.it/trentoca.crt
(sha1 fingerprint: D8EF2DDA 72227A38 4A2D9277 F5652CB7 030651FC)

A section of the same site is set for ssl client auth, i can provide a test
client cert if you want.

Roberto Resoli
Comment 6 Andre Klapper maemo.org 2009-02-26 22:37:17 UTC
*** Bug 3792 has been marked as a duplicate of this bug. ***
Comment 7 Juhani Mäkelä nokia 2009-09-21 13:23:41 UTC
Fixed in Fremantle. Root certificates can be added by downloading them as files
and starting installation by the File Manager. The integration with the browser
is not as smooth as it should be (clicking a link that points to a certificate
leads to an error, in stead you have to tap the link and select "save as", then
get rid of the .html-extension appended automatically), but is possible.