Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Rekonq doesn't trust my Certificate Authority



On Thu, Mar 12, 2015 at 12:00:59AM -0400, Bill Horne wrote:
> I've come across an odd problem with Rekonq, and I'm looking for help.
> 
> I have a "real" SSL certificate for my website, billhorne.com. It
> shows, as is expected, a "padlock" icon when I go to
> https://billhorne.com/ .
> 
> Except when I use Rekonq, and then the KDE browser gives me an
> "untrusted" error, saying that the root CA certificate is not
> trusted for this use.  Google searches show that it's a "known"
> problem, but the only pages I found were of suggestions that there
> was a MITM attack in progress or warning against using a self-signed
> cert.
> 
> I took a screen shot of the "deails" page: it's at
> https://billhorne.com/snapshot1.png .  All suggestions are welcome,
> and thank you in advance.

https://www.ssllabs.com/ssltest/analyze.html?d=billhorne.com&latest

You probably have some certificate chain problems that Rekonq is
sensitive to. You support weak algorithms -- try:


SSLCipherSuite ALL:!ADH:RC4:+HIGH:+MEDIUM:!LOW:!EXP:!AECDH
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
SSLCompression off

With RC4, you have some weakness, but without RC4, you'll lose a 
lot of older browsers. In a year or three you can probably drop
that, too.

And when you renew the cert, you should get SHA2 instead of
SHA1. 

That's all the things I can see.

-dsr-



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org