[Discuss] Rekonq doesn't trust my Certificate Authority
Dan Ritter
dsr at randomstring.org
Thu Mar 12 07:28:20 EDT 2015
On Thu, Mar 12, 2015 at 12:00:59AM -0400, Bill Horne wrote:
> I've come across an odd problem with Rekonq, and I'm looking for help.
>
> I have a "real" SSL certificate for my website, billhorne.com. It
> shows, as is expected, a "padlock" icon when I go to
> https://billhorne.com/ .
>
> Except when I use Rekonq, and then the KDE browser gives me an
> "untrusted" error, saying that the root CA certificate is not
> trusted for this use. Google searches show that it's a "known"
> problem, but the only pages I found were of suggestions that there
> was a MITM attack in progress or warning against using a self-signed
> cert.
>
> I took a screen shot of the "deails" page: it's at
> https://billhorne.com/snapshot1.png . All suggestions are welcome,
> and thank you in advance.
https://www.ssllabs.com/ssltest/analyze.html?d=billhorne.com&latest
You probably have some certificate chain problems that Rekonq is
sensitive to. You support weak algorithms -- try:
SSLCipherSuite ALL:!ADH:RC4:+HIGH:+MEDIUM:!LOW:!EXP:!AECDH
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
SSLCompression off
With RC4, you have some weakness, but without RC4, you'll lose a
lot of older browsers. In a year or three you can probably drop
that, too.
And when you renew the cert, you should get SHA2 instead of
SHA1.
That's all the things I can see.
-dsr-
More information about the Discuss
mailing list