1 |
Fernando Rodriguez <frodriguez.developer@×××××××.com> writes: |
2 |
|
3 |
> On Saturday, September 05, 2015 1:05:06 AM lee wrote: |
4 |
>> >> |
5 |
>> >> It doesn't work. I've imported the certificate now at home, and no |
6 |
>> >> matter what trust I set or whatever I do, I cannot connect, and I cannot |
7 |
>> >> add an exception. |
8 |
>> |
9 |
>> I can (have to) do with seamonkey 2.30 at work and mutt at home. This |
10 |
>> isn't a long-term solution because it forbids updating the web browser |
11 |
>> and email clients for everyone at work ever since. |
12 |
>> |
13 |
>> Is this a bug of seamonkey? I could make a bug report in that case. |
14 |
> |
15 |
> Adding the CA certificate and ticking all trust options does work but it seems |
16 |
> not all self-signed certs have one. |
17 |
|
18 |
It worked at work and didn't work at home. It's weird. |
19 |
|
20 |
> If when you run openssl s_client -connect |
21 |
> host:443 -showcerts it list more than one cert then you want to import the |
22 |
> last under authorities. |
23 |
|
24 |
As far as I can tell, it shows only one certificate. When I import it, |
25 |
it shows up correctly. |
26 |
|
27 |
> You can try backing up and deleting your profile directory, if it works with a |
28 |
> new one either go through all the ssl about:config settings and compare them or |
29 |
> just start over with new settings and import bookmarks, etc. If you both have |
30 |
> the same version then it must not be a change or bug. |
31 |
|
32 |
It's not that. I've tried it at work with a seamonkey on a windoze 7 VM |
33 |
with a seamonkey that had only been used for web browsing and for which |
34 |
I haven't changed any settings that could be even remotely related to |
35 |
this. |
36 |
|
37 |
The inability to add an exception is consistent over at least 5 totally |
38 |
different machines, Linux and windoze, with at least seamonkey and |
39 |
thunderbird. On at least two of these machines, older versions like |
40 |
seamonkey 2.30, simply let me add an exception while newer versions |
41 |
don't. Update seamonkey on the terminal server, create a new user, try |
42 |
to set up seamonkey so that they can access their email, and you cannot |
43 |
add an exception. You have to revert to 2.30, add the exception, and |
44 |
then you can go back to 2.33.1 and it works because the exception was |
45 |
added. |
46 |
|
47 |
So this must either be a bug of seamonkey and its relatives, or a |
48 |
default setting that has changed with newer versions, or something needs |
49 |
to be done with all(!) self-signed certificates, or adding exceptions |
50 |
has been disabled intentionally, which would require another way to do |
51 |
it because they cannot expect everyone to somehow change their perfectly |
52 |
fine certificates or to buy signed ones. |
53 |
|
54 |
|
55 |
-- |
56 |
Again we must be afraid of speaking of daemons for fear that daemons |
57 |
might swallow us. Finally, this fear has become reasonable. |