• Chromium problem with signing authority on https

    From William Unruh@2:250/1 to All on Mon Dec 7 21:30:27 2020
    I am having trouble with Chromium. I have tried to reach a web page
    https://pctsadmin.princeton.edu/upload/document/c575b986d7a237034596897ca516cdae.pdf
    When I go there in Chromium, I just get the error page with the unhappy
    jigsaw puzzle piece. No text saying what the trouble is. If I go in
    Konqueror I get that it does not like the certificate authority.
    Going with wget, I get the message

    wget https://pctsadmin.princeton.edu/upload/document/c575b986d7a237034596897ca516cdae.pdf
    --2020-12-07 13:27:30-- https://pctsadmin.princeton.edu/upload/document/c575b986d7a237034596897ca516cdae.pdf
    Resolving pctsadmin.princeton.edu (pctsadmin.princeton.edu)... 128.112.86.19
    Connecting to pctsadmin.princeton.edu (pctsadmin.princeton.edu)|128.112.86.19|:443... connected.
    ERROR: cannot verify pctsadmin.princeton.edu's certificate, issued by ‘CN=InCommon RSA Server CA,OU=InCommon,O=Internet2,L=Ann Arbor,ST=MI,C=US’:
    Unable to locally verify the issuer's authority.
    To connect to pctsadmin.princeton.edu insecurely, use `--no-check-certificate'.

    which seems to say that it does not like the InCommon signing authority
    since it does not have it.

    On Chrome everything works. How do I transfer the signing authorities
    from Chrome to Chromium? Since InCommon now seems to be being used by
    many of the US universities, it is sort of important for me to be able
    to use it. I have searched google but cannot find anything which tells
    me how.


    --- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
  • From Mike Easter@2:250/1 to All on Mon Dec 7 21:59:26 2020
    William Unruh wrote:
    > If I go in Konqueror I get that it does not like the certificate
    > authority.

    I haven't tested this/these function/s w/ other browsers or tools, but
    Firefox allows me to see and perform all manner of solutions to the
    .pdf's certificate's problem.

    It gives me the specific error syntax. It lets me view the site's cert.
    It gives me an 'Advanced' button from which I have 'About Certificate'
    which is scores of lines which also include the option to dl the cert
    .pem as the cert and/or the cert chain. It gives links to the cert
    authority site and other references.

    Firefox's certificate manager lets me view my certificates and
    authorities and import cert/s or authorities, such as the above .pem/s.

    --
    Mike Easter

    * Origin: Air Applewood, The Linux Gateway to the UK & Eire (2:250/1@fidonet)
  • From William Unruh@2:250/1 to All on Mon Dec 7 22:08:04 2020
    On 2020-12-07, William Unruh <unruh@invalid.ca> wrote:
    > I am having trouble with Chromium. I have tried to reach a web page
    > https://pctsadmin.princeton.edu/upload/document/c575b986d7a237034596897ca516cdae.pdf
    > When I go there in Chromium, I just get the error page with the unhappy
    > jigsaw puzzle piece. No text saying what the trouble is. If I go in
    > Konqueror I get that it does not like the certificate authority.
    > Going with wget, I get the message
    >
    > wget https://pctsadmin.princeton.edu/upload/document/c575b986d7a237034596897ca516cdae.pdf
    > --2020-12-07 13:27:30-- https://pctsadmin.princeton.edu/upload/document/c575b986d7a237034596897ca516cdae.pdf
    > Resolving pctsadmin.princeton.edu (pctsadmin.princeton.edu)... 128.112.86.19
    > Connecting to pctsadmin.princeton.edu (pctsadmin.princeton.edu)|128.112.86.19|:443... connected.
    > ERROR: cannot verify pctsadmin.princeton.edu's certificate, issued by ‘CN=InCommon RSA Server CA,OU=InCommon,O=Internet2,L=Ann Arbor,ST=MI,C=US’:
    > Unable to locally verify the issuer's authority.
    > To connect to pctsadmin.princeton.edu insecurely, use `--no-check-certificate'.
    >
    > which seems to say that it does not like the InCommon signing authority
    > since it does not have it.
    >
    > On Chrome everything works. How do I transfer the signing authorities
    > from Chrome to Chromium? Since InCommon now seems to be being used by
    > many of the US universities, it is sort of important for me to be able
    > to use it. I have searched google but cannot find anything which tells
    > me how.


    Additional information: Mageia 7.1 updated, XFCE desktop.
    Note that I tried transferring the Chrome .config/google-chrome/Safe
    Browsing directory from Chrome to chromium, but that made no difference.

  • From Mike Easter@2:250/1 to All on Mon Dec 7 22:28:07 2020
    William Unruh wrote:

    > I am having trouble with Chromium. I have tried to reach a web page
    > https://pctsadmin.princeton.edu/upload/document/c575b986d7a237034596897ca516cdae.pdf

    I've booted a Raspbian w/ Chromium 78.0.3904.108. It has no problem w/
    that site's cert and says the site/.pdf is secure and provides me a
    look at the cert which resembles the view I was able to get from the
    Ffx advanced function.

    That is, ffx default did NOT have the cert by default, but it provided
    me w/ plenty of ways to get necessary info incl the cert and authority
    etc; while Chromium default DID have the cert & auth by default.

    Strangely, to me, I was not able to find the InCommon authority in
    Chromium's list of authorities, so it must've been in there by some
    other name.



    --
    Mike Easter


  • From Mike Easter@2:250/1 to All on Mon Dec 7 23:26:28 2020
    Mike Easter wrote:
    > Strangely, to me, I was not able to find the InCommon authority in
    > Chromium's list of authorities, so it must've been in there by some
    > other name.

    Here's some more about this Incommon business from another .edu:

    https://uit.stanford.edu/service/ssl/chain
    Stanford gets many of its SSL certificates from the InCommon Certificate
    service. Here is some information about InCommon-supplied certificates
    and certificate chains.

    ... and a tool to decode the cert:

    https://www.sslshopper.com/certificate-decoder.html
    Use this Certificate Decoder to decode your PEM encoded SSL certificate
    and verify that it contains the correct information.

    Also:

    https://chromium.googlesource.com/chromium/src/+/master/docs/linux/cert_management.md

    The easy way to manage certificates is navigate to
    chrome://settings/search#ssl. Then click on the “Manage Certificates”
    button. This will load a built-in interface for managing certificates.

    On Linux, Chromium uses the NSS Shared DB. If the built-in manager does
    not work for you then you can configure certificates with the NSS
    command line tools.



    --
    Mike Easter

  • From William Unruh@2:250/1 to All on Tue Dec 8 00:34:30 2020
    On 2020-12-07, Mike Easter <MikeE@ster.invalid> wrote:
    > William Unruh wrote:
    >
    >> I am having trouble with Chromium. I have tried to reach a web page
    >> https://pctsadmin.princeton.edu/upload/document/c575b986d7a237034596897ca516cdae.pdf
    >
    > I've booted a Raspbian w/ Chromium 78.0.3904.108. It has no problem w/

    On Mageia it has 86.0.4240.198. So it seems that there is something else
    that is supplying the Authority certs.

    > that site's cert and says the site/.pdf is secure and provides me a
    > look at the cert which resembles the view I was able to get from the
    > Ffx advanced function.
    >
    > That is, ffx default did NOT have the cert by default, but it provided
    > me w/ plenty of ways to get necessary info incl the cert and authority
    > etc; while Chromium default DID have the cert & auth by default.

    Surprising. It is not there on Mageia 7 updated.

    > Strangely, to me, I was not able to find the InCommon authority in
    > Chromium's list of authorities, so it must've been in there by some
    > other name.

    Or they disabled it by default?





  • From William Unruh@2:250/1 to All on Tue Dec 8 01:17:16 2020
    On 2020-12-07, Mike Easter <MikeE@ster.invalid> wrote:
    > Mike Easter wrote:
    >> Strangely, to me, I was not able to find the InCommon authority in
    >> Chromium's list of authorities, so it must've been in there by some
    >> other name.
    >
    > Here's some more about this Incommon business from another .edu:
    >
    > https://uit.stanford.edu/service/ssl/chain
    > Stanford gets many of its SSL certificates from the InCommon Certificate
    > service. Here is some information about InCommon-supplied certificates
    > and certificate chains.
    >
    > ... and a tool to decode the cert:
    >
    > https://www.sslshopper.com/certificate-decoder.html
    > Use this Certificate Decoder to decode your PEM encoded SSL certificate
    > and verify that it contains the correct information.

    certutil says I have one, certbundle (which I assume is in /etc/ssl/certs/ca-bundle.ca)

    I tried to put the InCommon Certificate in that same directory, but that
    did not help. I suppose I have to somehow "install" it.
    Trying to do so from the Setting->Security->Management of Certificates
    just gave me "There is no private key for that certificate" error
    message. Not helpful.

    > Also:
    >
    > https://chromium.googlesource.com/chromium/src/+/master/docs/linux/cert_management.md
    >
    > The easy way to manage certificates is navigate to
    > chrome://settings/search#ssl. Then click on the “Manage Certificates”
    > button. This will load a built-in interface for managing certificates.

    Unfortunately it says I have NO certificates. Which is, I believe silly
    and wrong.

    I tried to install but I got the above error message.

    > On Linux, Chromium uses the NSS Shared DB. If the built-in manager does
    > not work for you then you can configure certificates with the NSS
    > command line tools.




  • From Paul@2:250/1 to All on Tue Dec 8 03:06:02 2020
    William Unruh wrote:

    > Unfortunately it says I have NO certificates. Which is, I believe silly
    > and wrong.
    >
    > I tried to install but I got the above error message.

    I tried your URL on four browsers, and all worked.

    https://pctsadmin.princeton.edu/upload/document/c575b986d7a237034596897ca516cdae.pdf

    That never happens :-) Nothing on the web ever works
    on four browsers.

    Website analysis.

    https://www.ssllabs.com/ssltest/analyze.html?d=pctsadmin.princeton.edu

    Browser analysis.

    https://www.ssllabs.com/ssltest/viewMyClient.html

    Paul

  • From William Unruh@2:250/1 to All on Tue Dec 8 04:20:39 2020
    On 2020-12-08, Paul <nospam@needed.invalid> wrote:
    > William Unruh wrote:
    >
    >> Unfortunately it says I have NO certificates. Which is, I believe silly
    >> and wrong.
    >>
    >> I tried to install but I got the above error message.
    >
    > I tried your URL on four browsers, and all worked.

    Which 4? Mine does not work on chromium, or konqueror. It does on
    Firefox and Chrome1.

    Maybe the problem is that it does not know what program to use to open a
    pdf. wget now works, after I put in certificate into /etc/ssl/certs.

    > https://pctsadmin.princeton.edu/upload/document/c575b986d7a237034596897ca516cdae.pdf
    >
    > That never happens :-) Nothing on the web ever works
    > on four browsers.
    >
    > Website analysis.
    >
    > https://www.ssllabs.com/ssltest/analyze.html?d=pctsadmin.princeton.edu
    >
    > Browser analysis.
    >
    > https://www.ssllabs.com/ssltest/viewMyClient.html
    >
    > Paul

  • From Jasen Betts@2:250/1 to All on Tue Dec 8 05:20:33 2020
    On 2020-12-07, William Unruh <unruh@invalid.ca> wrote:
    > I am having trouble with Chromium. I have tried to reach a web page
    > https://pctsadmin.princeton.edu/upload/document/c575b986d7a237034596897ca516cdae.pdf
    > When I go there in Chromium, I just get the error page with the unhappy
    > jigsaw puzzle piece. No text saying what the trouble is. If I go in
    > Konqueror I get that it does not like the certificate authority.
    > Going with wget, I get the message
    >
    > wget https://pctsadmin.princeton.edu/upload/document/c575b986d7a237034596897ca516cdae.pdf
    > --2020-12-07 13:27:30-- https://pctsadmin.princeton.edu/upload/document/c575b986d7a237034596897ca516cdae.pdf
    > Resolving pctsadmin.princeton.edu (pctsadmin.princeton.edu)... 128.112.86.19
    > Connecting to pctsadmin.princeton.edu (pctsadmin.princeton.edu)|128.112.86.19|:443... connected.
    > ERROR: cannot verify pctsadmin.princeton.edu's certificate, issued by ‘CN=InCommon RSA Server CA,OU=InCommon,O=Internet2,L=Ann Arbor,ST=MI,C=US’:
    > Unable to locally verify the issuer's authority.
    > To connect to pctsadmin.princeton.edu insecurely, use `--no-check-certificate'.
    >
    > which seems to say that it does not like the InCommon signing authority
    > since it does not have it.
    >
    > On Chrome everything works. How do I transfer the signing authorities
    > from Chrome to Chromium? Since InCommon now seems to be being used by
    > many of the US universities, it is sort of important for me to be able
    > to use it. I have searched google but cannot find anything which tells
    > me how.

    update the ca-certificates on your box.

    for debian:

    apt-get update && apt-get install ca-certificates



    --
    Jasen.

    * Origin: JJ's own news server (2:250/1@fidonet)
  • From J.O. Aho@2:250/1 to All on Tue Dec 8 06:53:17 2020
    On 07/12/2020 22.30, William Unruh wrote:
    > I am having trouble with Chromium. I have tried to reach a web page
    > https://pctsadmin.princeton.edu/upload/document/c575b986d7a237034596897ca516cdae.pdf
    > When I go there in Chromium, I just get the error page with the unhappy
    > jigsaw puzzle piece. No text saying what the trouble is. If I go in
    > Konqueror I get that it does not like the certificate authority.
    > Going with wget, I get the message

    Looking at the pctsadmin.princeton.edu, it does not have the full chain in
    the provided certificate, compared with pcts.princeton.edu which does
    provide the full chain.

    Someone who switches to a new provider should always provide the full
    chain as it will take time before all OS and browsers have the ca cert
    (keep in mind that some browsers use their own ca certs and others use
    the OS listing).

    If you want to add the InCommon public ca cert, I suggest you take a
    look at their homepage to fetch it.

    --

    //Aho


    --- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
    * Origin: Air Applewood, The Linux Gateway to the UK & Eire (2:250/1@fidonet)
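
The incomplete-chain failure described in the last post, reproduced offline as an added example that is not part of the original thread. It assumes the `openssl` command-line tool is installed; every certificate and name in it is constructed for the demo, and the helper names (`make_chain`, `verify_as_client`) are hypothetical.

```sh
#!/bin/sh
# Constructed demo (made-up names, nothing here is InCommon's): a client that
# trusts only the root rejects a leaf served without its intermediate.

new_key_and_csr() {            # $1 = file prefix, $2 = common name
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
    -subj "/CN=$2" -out "$1.csr" 2>/dev/null
}

make_chain() {                 # $1 = work directory
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' \
    > "$d/ca.ext"
  new_key_and_csr "$d/root" "Example Root CA"
  new_key_and_csr "$d/int"  "Example Intermediate CA"
  new_key_and_csr "$d/leaf" "www.example.test"
  # Root: self-signed, marked as a CA. This is what sits in the trust store.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -days 2 -out "$d/root.pem" 2>/dev/null
  # Intermediate: signed by the root (the role of the issuing server CA).
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" 2>/dev/null
  # Leaf: the server certificate, signed by the intermediate.
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# $1 = work directory, $2 = what the server sends: leaf-only | with-intermediate
verify_as_client() {
  if [ "$2" = "with-intermediate" ]; then
    out=$(openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" \
      "$1/leaf.pem" 2>&1) || :
  else
    out=$(openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1) || :
  fi
  printf '%s\n' "$out"
  case $out in *": OK"*) return 0 ;; *) return 1 ;; esac
}

work=$(mktemp -d)
make_chain "$work"
verify_as_client "$work" leaf-only         || echo "=> incomplete chain rejected"
verify_as_client "$work" with-intermediate && echo "=> full chain accepted"
rm -rf "$work"
```

Against a live host, `openssl s_client -connect host:443 -showcerts` prints the certificates the server actually sends, which shows whether the intermediate is missing.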