Page 1 of 4 123 ... LastLast
Results 1 to 10 of 34

Thread: annoying message "The certificate authority's certificate is invalid" in rekonq and kaddressbook

  1. #1

    Default annoying message "The certificate authority's certificate is invalid" in rekonq and kaddressbook

    I noted it in rekonq, sometime it comes with an annoying message in a window where I have to answer "forever" or "only for this session" for many times, and this forever isn't forever because the same message pop up again later, so I stopped to use rekonq, but evidently it wasn't related only to rekonq becouse now I received the same message like this:
    Code:
    The server failed the authenticity check (accounts.google.com).
    
    The certificate authority's certificate is invalid
    The root certificate authority's certificate is not trusted for this purpose
    but it seems to come from kaddressbook where I set contacts of my google account.
    how can I get rid of this annoying message???
    manythanks, :-) ciao :-) pier

  2. #2
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,697

    Default Re: annoying message "The certificate authority's certificate is invalid" in rekonq and kaddressbook

    This usually a problem at the Web server end where a certificate is bad or out of date. It can also indicate you are being redirected to a bad site so you don't really want to turn it off since it is a protection that alert you to possible attacks.

  3. #3
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,048

    Default Re: annoying message "The certificate authority's certificate isinvalid" in rekonq and kaddressbook

    On Sun, 30 Mar 2014 08:16:01 +0000, pier andreit wrote:

    > how can I get rid of this annoying message???


    Notify the website in question that their certificate may be invalid.

    Seriously, that's the best option - if you just blindly ignore the
    message, you may be subjecting yourself to a man-in-the-middle attack
    with a forged certificate.

    Jim
    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  4. #4
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,480
    Blog Entries
    3

    Default Re: annoying message "The certificate authority's certificate is invalid" in rekonq and kaddressbook

    Quote Originally Posted by pier_andreit View Post
    I noted it in rekonq, sometime it comes with an annoying message in a window where I have to answer "forever" or "only for this session" for many times, and this forever isn't forever because the same message pop up again later, ...
    I get that from time to time, with rekonq, konqueror and akregator.

    I mostly click the "only for this session", and proceed. Usually it is a site that isn't important (not a bank, not a site where I actually login).

    There is a "details" button you can click to see more details. It's usually something silly, such as a mismatch between the website name and the name on the certificate.

    I rarely see this when using firefox. My best guess is that the problem is with secondary sites serving up images or advertising, and firefox is deciding that it isn't an issue for such sites.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  5. #5
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,109
    Blog Entries
    2

    Default Re: annoying message "The certificate authority's certificate is invalid" in rekonq and kaddressbook

    Or,
    It can mean that the client app isn't pre-installed with a valid current list of trusted CAs. I don't know about your specific mail client, but I doubt its owners/authors are willing to pay the immense amounts of money to be automatically authorize the same list of CAs the major web browsers use. So, unless the mail client is associated with one of those browsers, a common solution is to just manually authorize connecting the first time you connect. If you then select "Trust Always..." you should not be challenged again.

    TSU

  6. #6
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,480
    Blog Entries
    3

    Default Re: annoying message "The certificate authority's certificate is invalid" in rekonq and kaddressbook

    Quote Originally Posted by tsu2 View Post
    Or,
    It can mean that the client app isn't pre-installed with a valid current list of trusted CAs. I don't know about your specific mail client, but I doubt its owners/authors are willing to pay the immense amounts of money to be automatically authorize the same list of CAs the major web browsers use. So, unless the mail client is associated with one of those browsers, a common solution is to just manually authorize connecting the first time you connect. If you then select "Trust Always..." you should not be challenged again.

    TSU
    I'm pretty sure that the certificate store in opensuse is populated from the firefox certificates, with a few additions. I'm not aware of any cost for having CA certificates on hand. There is typically a cost for a client certificate, such as if you run a secure (https) web site.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  7. #7
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: annoying message "The certificate authority's certificate isinvalid" in rekonq and kaddressbook

    On 2014-03-30 21:53, Jim Henderson wrote:
    > On Sun, 30 Mar 2014 08:16:01 +0000, pier andreit wrote:
    >
    >> how can I get rid of this annoying message???

    >
    > Notify the website in question that their certificate may be invalid.
    >
    > Seriously, that's the best option - if you just blindly ignore the
    > message, you may be subjecting yourself to a man-in-the-middle attack
    > with a forged certificate.


    Some opensuse sites used for developing work have "invalid"
    certificates, because they are self-signed ;-) :-p

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 13.1 x86_64 "Bottle" at Telcontar)

  8. #8
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,048

    Default Re: annoying message "The certificate authority's certificate isinvalid" in rekonq and kaddressbook

    On Sun, 30 Mar 2014 22:58:08 +0000, Carlos E. R. wrote:

    > On 2014-03-30 21:53, Jim Henderson wrote:
    >> On Sun, 30 Mar 2014 08:16:01 +0000, pier andreit wrote:
    >>
    >>> how can I get rid of this annoying message???

    >>
    >> Notify the website in question that their certificate may be invalid.
    >>
    >> Seriously, that's the best option - if you just blindly ignore the
    >> message, you may be subjecting yourself to a man-in-the-middle attack
    >> with a forged certificate.

    >
    > Some opensuse sites used for developing work have "invalid"
    > certificates, because they are self-signed ;-) :-p


    True, but in theory that /shouldn't/ be the case for a public website,
    which it seems is what we're talking about - not a development website.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  9. #9
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,109
    Blog Entries
    2

    Default Re: annoying message "The certificate authority's certificate is invalid" in rekonq and kaddressbook

    Quote Originally Posted by nrickert View Post
    I'm pretty sure that the certificate store in opensuse is populated from the firefox certificates, with a few additions. I'm not aware of any cost for having CA certificates on hand. There is typically a cost for a client certificate, such as if you run a secure (https) web site.
    In my experience,
    Every web browser maintains its own certificate store individually, nothing is shared.

    In the same vein, the OS maintains its own cert stores for its own use and is never used by many apps, eg web browsers.

    Each cert store should be individual because each might be used for s particular purpose, eg corporate network security. So, logins could be based on certs which should not ever be exposed as common website certs.

    TSU

  10. #10
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,480
    Blog Entries
    3

    Default Re: annoying message "The certificate authority's certificate is invalid" in rekonq and kaddressbook

    Quote Originally Posted by tsu2 View Post
    In my experience,
    Every web browser maintains its own certificate store individually, nothing is shared.
    Probably true for some browsers.

    I'm looking at Yast Software Manager. The description of the package "ca-certificates-mozilla" says:
    • This package contains some CA root certificates for OpenSSL extracted from MozillaFirefox

    No, the system isn't sharing with firefox. Rather, the certificates have been extracted from firefox, and added to the system wide openssl store. I know, for sure, that "fetchmail" uses that certificate store. I suspect that konqueror does, too.[/QUOTE]
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

Page 1 of 4 123 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •