[Discuss] Rekonq doesn't trust my Certificate Authority

[dsr at randomstring.org (Dan Ritter)]

On Thu, Mar 12, 2015 at 12:00:59AM -0400, Bill Horne wrote:
> I've come across an odd problem with Rekonq, and I'm looking for help.
> 
> I have a "real" SSL certificate for my website, billhorne.com. It
> shows, as is expected, a "padlock" icon when I go to
> https://billhorne.com/ .
> 
> Except when I use Rekonq, and then the KDE browser gives me an
> "untrusted" error, saying that the root CA certificate is not
> trusted for this use.  Google searches show that it's a "known"
> problem, but the only pages I found were of suggestions that there
> was a MITM attack in progress or warning against using a self-signed
> cert.
> 
> I took a screen shot of the "deails" page: it's at
> https://billhorne.com/snapshot1.png .  All suggestions are welcome,
> and thank you in advance.

https://www.ssllabs.com/ssltest/analyze.html?d=billhorne.com&latest

You probably have some certificate chain problems that Rekonq is
sensitive to. You support weak algorithms -- try:


SSLCipherSuite ALL:!ADH:RC4:+HIGH:+MEDIUM:!LOW:!EXP:!AECDH
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
SSLCompression off

With RC4, you have some weakness, but without RC4, you'll lose a 
lot of older browsers. In a year or three you can probably drop
that, too.

And when you renew the cert, you should get SHA2 instead of
SHA1. 

That's all the things I can see.

-dsr-