FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 02-27-2011, 08:51 PM
Marc Shapiro
 
Default How do I tel SSL to trust a certificate?

I am trying to access my work computer from home using the Citrix
client. First, I connect to the companies web-site and log in. I
navigate from there to a link for remote login. On selecting that, I
should be presented with a login for my computer at work. This has
worked in the past, but I am now getting the following error:


You have not chosen to trust "VeriSign 3 Public Primary Certification
Authority - G3", the issuer of the server's security certificate (SSL
error 61).



The following Verisign certificates are in /usr/share/ca-certificates:

VeriSign_Class_3_Public_Primary_Certification_Auth ority_-_G5.crt
Verisign_Class_1_Public_Primary_Certification_Auth ority.crt
Verisign_Class_1_Public_Primary_Certification_Auth ority_-_G2.crt
Verisign_Class_1_Public_Primary_Certification_Auth ority_-_G3.crt
Verisign_Class_2_Public_Primary_Certification_Auth ority.crt
Verisign_Class_2_Public_Primary_Certification_Auth ority_-_G2.crt
Verisign_Class_2_Public_Primary_Certification_Auth ority_-_G3.crt
Verisign_Class_3_Public_Primary_Certification_Auth ority.crt
Verisign_Class_3_Public_Primary_Certification_Auth ority_-_G2.crt
Verisign_Class_3_Public_Primary_Certification_Auth ority_-_G3.crt
Verisign_Class_4_Public_Primary_Certification_Auth ority_-_G2.crt
Verisign_Class_4_Public_Primary_Certification_Auth ority_-_G3.crt
Verisign_RSA_Secure_Server_CA.crt
Verisign_Time_Stamping_Authority_CA.crt


I have run dpkg-reconfigure ca-certificates, but I am still getting the
above error.


How do I set the configurations to trust the certificate, or at least
ask me if it should be accepted this time (as it used to do)?


Marc


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4D6AC759.1000503@gmail.com">http://lists.debian.org/4D6AC759.1000503@gmail.com
 
Old 02-28-2011, 03:59 AM
Michael Tsang
 
Default How do I tel SSL to trust a certificate?

On Monday 28 February 2011 05:51:21 Marc Shapiro wrote:
> I am trying to access my work computer from home using the Citrix
> client. First, I connect to the companies web-site and log in. I
> navigate from there to a link for remote login. On selecting that, I
> should be presented with a login for my computer at work. This has
> worked in the past, but I am now getting the following error:
>
> You have not chosen to trust "VeriSign 3 Public Primary Certification
> Authority - G3", the issuer of the server's security certificate (SSL
> error 61).
Put that certificate (base64 encoded and ending in .crt) in
/usr/local/share/ca-certificates and re-run dpkg-reconfigure ca-certificates
--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
 
Old 02-28-2011, 04:02 AM
"Boyd Stephen Smith Jr."
 
Default How do I tel SSL to trust a certificate?

In <4D6AC759.1000503@gmail.com>, Marc Shapiro wrote:
>I am trying to access my work computer from home using the Citrix
>client. First, I connect to the companies web-site and log in. I
>navigate from there to a link for remote login. On selecting that, I
>should be presented with a login for my computer at work. This has
>worked in the past, but I am now getting the following error:
>
>You have not chosen to trust "VeriSign 3 Public Primary Certification
>Authority - G3", the issuer of the server's security certificate (SSL
>error 61).

ICA Client, despite having an unofficial Debian package, is not well-
integrated into Debian. Instead of using the standard directory tree under
/usr/share/ca-certificates, it has its own little certificate store.

Install (or symlink) .crt files into /usr/lib/ICAClient/keystore/cacerts and
complain to Citrix. I could probably fix their package, but I'd be unable to
distribute it. I can certainly cover the common case without even seeing
their source. (A simple GNU find command to symlink /usr/share/ca-
certificates/**/*.crt under /usr/lib/ICAClient/keystore/cacerts.)

HTH
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
bss@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/
 
Old 02-28-2011, 05:01 AM
Marc Shapiro
 
Default How do I tel SSL to trust a certificate?

On 02/27/11 21:02, Boyd Stephen Smith Jr. wrote:

In<4D6AC759.1000503@gmail.com>, Marc Shapiro wrote:

I am trying to access my work computer from home using the Citrix
client. First, I connect to the companies web-site and log in. I
navigate from there to a link for remote login. On selecting that, I
should be presented with a login for my computer at work. This has
worked in the past, but I am now getting the following error:

You have not chosen to trust "VeriSign 3 Public Primary Certification
Authority - G3", the issuer of the server's security certificate (SSL
error 61).


ICA Client, despite having an unofficial Debian package, is not well-
integrated into Debian. Instead of using the standard directory tree under
/usr/share/ca-certificates, it has its own little certificate store.

Install (or symlink) .crt files into /usr/lib/ICAClient/keystore/cacerts and
complain to Citrix. I could probably fix their package, but I'd be unable to
distribute it. I can certainly cover the common case without even seeing
their source. (A simple GNU find command to symlink /usr/share/ca-
certificates/**/*.crt under /usr/lib/ICAClient/keystore/cacerts.)

HTH


Yes! That did it. I didn't bother to symlink everything, but I did get
all of the Verisign certificates under
/usr/share/ca-certificates/mozilla/ and that has me up and running.
Thank you very much!


Marc


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4D6B3A2C.5090509@gmail.com">http://lists.debian.org/4D6B3A2C.5090509@gmail.com
 

Thread Tools




All times are GMT. The time now is 01:19 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org