| 1 |
Fernando Rodriguez <frodriguez.developer@×××××××.com> writes: |
| 2 |
|
| 3 |
> On Saturday, September 05, 2015 1:05:06 AM lee wrote: |
| 4 |
>> >> |
| 5 |
>> >> It doesn't work. I've imported the certificate now at home, and no |
| 6 |
>> >> matter what trust I set or whatever I do, I cannot connect, and I cannot |
| 7 |
>> >> add an exception. |
| 8 |
>> |
| 9 |
>> I can (have to) do with seamonkey 2.30 at work and mutt at home. This |
| 10 |
>> isn't a long-term solution because it forbids updating the web browser |
| 11 |
>> and email clients for everyone at work ever since. |
| 12 |
>> |
| 13 |
>> Is this a bug of seamonkey? I could make a bug report in that case. |
| 14 |
> |
| 15 |
> Adding the CA certificate and ticking all trust options does work but it seems |
| 16 |
> not all self-signed certs have one. |
| 17 |
|
| 18 |
It worked at work and didn't work at home. It's weird. |
| 19 |
|
| 20 |
> If when you run openssl s_client -connect |
| 21 |
> host:443 -showcerts it list more than one cert then you want to import the |
| 22 |
> last under authorities. |
| 23 |
|
| 24 |
As far as I can tell, it shows only one certificate. When I import it, |
| 25 |
it shows up correctly. |
| 26 |
|
| 27 |
> You can try backing up and deleting your profile directory, if it works with a |
| 28 |
> new one either go through all the ssl about:config settings and compare them or |
| 29 |
> just start over with new settings and import bookmarks, etc. If you both have |
| 30 |
> the same version then it must not be a change or bug. |
| 31 |
|
| 32 |
It's not that. I've tried it at work with a seamonkey on a windoze 7 VM |
| 33 |
with a seamonkey that had only been used for web browsing and for which |
| 34 |
I haven't changed any settings that could be even remotely related to |
| 35 |
this. |
| 36 |
|
| 37 |
The inability to add an exception is consistent over at least 5 totally |
| 38 |
different machines, Linux and windoze, with at least seamonkey and |
| 39 |
thunderbird. On at least two of these machines, older versions like |
| 40 |
seamonkey 2.30, simply let me add an exception while newer versions |
| 41 |
don't. Update seamonkey on the terminal server, create a new user, try |
| 42 |
to set up seamonkey so that they can access their email, and you cannot |
| 43 |
add an exception. You have to revert to 2.30, add the exception, and |
| 44 |
then you can go back to 2.33.1 and it works because the exception was |
| 45 |
added. |
| 46 |
|
| 47 |
So this must either be a bug of seamonkey and its relatives, or a |
| 48 |
default setting that has changed with newer versions, or something needs |
| 49 |
to be done with all(!) self-signed certificates, or adding exceptions |
| 50 |
has been disabled intentionally, which would require another way to do |
| 51 |
it because they cannot expect everyone to somehow change their perfectly |
| 52 |
fine certificates or to buy signed ones. |
| 53 |
|
| 54 |
|
| 55 |
-- |
| 56 |
Again we must be afraid of speaking of daemons for fear that daemons |
| 57 |
might swallow us. Finally, this fear has become reasonable. |
Archives