Results 1 to 5 of 5

Thread: CA Cert?

  1. #1

    Default CA Cert?

    Hello there,

    I installed OpenSuse 6 months ago, I think, and just recently I get this message after the OS is initiated:
    Do you ultimately trust
    "CN=CA Cert Signing Authority
    OU=httpx2f\x2fwww.cacert.org
    O=Root CA
    EMail=support@cacert.org"
    to correctly certify user certificates?
    What should I answer?

    Thanks in advance

    juvenal

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,664
    Blog Entries
    3

    Default Re: CA Cert?

    Quote Originally Posted by juvenal View Post
    What should I answer?
    That's for you to decide. That's why you were asked.

    You must have installed the "ca-certificates-cacert" package. That's not part of a standard install, at least in my experience. However, I do install that here.

    I don't recall being asked to answer that question, though I would have responded "yes". But perhaps I answered that long ago and it is in my configuration settings. That looks like a "gpg" message, so your answer would be reflected in gpg trust settings.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

  3. #3

    Default Re: CA Cert?

    Quote Originally Posted by nrickert View Post
    That's for you to decide. That's why you were asked.

    You must have installed the "ca-certificates-cacert" package. That's not part of a standard install, at least in my experience. However, I do install that here.

    I don't recall being asked to answer that question, though I would have responded "yes". But perhaps I answered that long ago and it is in my configuration settings. That looks like a "gpg" message, so your answer would be reflected in gpg trust settings.
    Thank you for your quick response. I answered "yes" and then it asks me
    Please verify that the certificate identified as:
    "CN=CA Cert Signing Authority
    OU=httpx2f\x2fwww.cacert.org
    O=Root CA
    EMail=support@cacert.org"
    has the fingerprint:
    13:5C:.....
    How do I verify that?

    juvenal

  4. #4
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,664
    Blog Entries
    3

    Default Re: CA Cert?

    I'm quite sure that I have never seen that question. I'm wondering what you did to be asked that. I'm wondering why any software would ask that, since it should be able to find the fingerprint without asking you.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

  5. #5
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: CA Cert?

    CA root authorities are especially critical to security because as a <root> authority you are also trusting any intermediate authorities that might be created.

    I <highly> recommend you investigate and determine what apps or systems require this type of trust before you authorize trust.

    If it's asking only for the root authority's trust, then I recommend first inspecting the root authority's certificate and verify it's valid and not an imposter. Then, if valid I'd Google the CA to see if there's anything on the web about it... Whether it's experiencing any kind of problems or might have been hacked, maybe any apps or use specific to the CA.

    Only after diligent evaluation would I <then> consider installing a root CA.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •