From owner-freebsd-questions@freebsd.org Wed Jul 26 17:23:35 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 29D88DAB012 for ; Wed, 26 Jul 2017 17:23:35 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from cosmo.uchicago.edu (cosmo.uchicago.edu [128.135.20.71]) by mx1.freebsd.org (Postfix) with ESMTP id E09EE6D7DC for ; Wed, 26 Jul 2017 17:23:34 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: by cosmo.uchicago.edu (Postfix, from userid 48) id 81D8ECB8CD2; Wed, 26 Jul 2017 12:23:28 -0500 (CDT) Received: from 128.135.52.6 (SquirrelMail authenticated user valeri) by cosmo.uchicago.edu with HTTP; Wed, 26 Jul 2017 12:23:28 -0500 (CDT) Message-ID: <33820.128.135.52.6.1501089808.squirrel@cosmo.uchicago.edu> In-Reply-To: <895366c1b1ff7a614240b9b6e32a3e77.squirrel@webmail.harte-lyne.ca> References: <895366c1b1ff7a614240b9b6e32a3e77.squirrel@webmail.harte-lyne.ca> Date: Wed, 26 Jul 2017 12:23:28 -0500 (CDT) Subject: Re: HTTP Error: Unacceptable TLS Certificate From: "Valeri Galtsev" To: byrnejb@harte-lyne.ca Cc: freebsd-questions@freebsd.org Reply-To: galtsev@kicp.uchicago.edu User-Agent: SquirrelMail/1.4.8-5.el5.centos.7 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Jul 2017 17:23:35 -0000 On Wed, July 26, 2017 11:53 am, James B. Byrne via freebsd-questions wrote: > I have searched rather diligently for some answer to this question and > have not found anything useful. I have added our root and issuer CA > certificates to KDE's root certificate store (buried deep within an > obscurely named submenu called 'Look and Feel'). But that has not > changed the behaviour of the file browser. > > How does one add private certificates to the Mate desktop so that > webdav connections to websites thereby secured may be successful? > Well, I actually would install ca_root_nss package on client machine(s). It installs root certificates into: /usr/local/share/certs/ca-root-nss.crt file, and it simultaneously creates symlink /etc/ssl/cert.pem pointing to that file. Unless I am mistaken, it is either one or another of the above that is used as local root cert store, so if you add your own Certification Authority certificate to the /usr/local/share/certs/ca-root-nss.crt file, then all applications checking that certificates are signed by known authority will be happy about certificates signed by your CA certificate. This has to be done on all client machines, so you may think of creating custom package and installing it instead of ca_root_nss. I envision the following problem if you just edited file that came with ca_root_nss package: Once you install update for ca_root_nss package, it will overwrite the file you have added your CA cert into. When I run my own CA it was always the hassle, which can be overcome one of several ways. If you don't want the machine recognize any of known Certification Authorities, only your own, then you can just manually create the file with your CA cert and symlink to it as above. I hope, this helps. Valeri > > > -- > *** e-Mail is NOT a SECURE channel *** > Do NOT transmit sensitive data via e-Mail > Do NOT open attachments nor follow links sent by e-Mail > > James B. Byrne mailto:ByrneJB@Harte-Lyne.ca > Harte & Lyne Limited http://www.harte-lyne.ca > 9 Brockley Drive vox: +1 905 561 1241 > Hamilton, Ontario fax: +1 905 561 0757 > Canada L8E 3C3 > > > > -- > *** e-Mail is NOT a SECURE channel *** > Do NOT transmit sensitive data via e-Mail > Do NOT open attachments nor follow links sent by e-Mail > > James B. Byrne mailto:ByrneJB@Harte-Lyne.ca > Harte & Lyne Limited http://www.harte-lyne.ca > 9 Brockley Drive vox: +1 905 561 1241 > Hamilton, Ontario fax: +1 905 561 0757 > Canada L8E 3C3 > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++