Opened 11 years ago
Last modified 10 years ago
#4625 new defect
Certificate installation required for Internet access on SA networks
| Reported by: | JerryV | Owned by: | |
|---|---|---|---|
| Priority: | High | Milestone: | Unspecified |
| Component: | Browse | Version: | Unspecified |
| Severity: | Unspecified | Keywords: | AU1B, AU |
| Cc: | Distribution/OS: | Unspecified | |
| Bug Status: | Unconfirmed |
Description
F14 - 11.3.1 background information http://dev.laptop.org.au/issues/1774 Now 13.2's Browse doesn't prompt to install the self-signed certificate, this requires manual intervention before internet access is available. Where should we install the certificate to?
Change History (6)
comment:1 Changed 11 years ago by godiard
- Priority changed from Unspecified by Maintainer to High
comment:2 Changed 11 years ago by godiard
- Component changed from Sugar to Browse
comment:3 Changed 11 years ago by godiard
comment:4 Changed 11 years ago by quozl
The background information is unavailable, http://dev.laptop.org.au/issues/1774 yields "403". I don't understand the problem description in #4625. I speculate that a customer network requires installation of a certificate in web browsers. Unless the cause of the change can be deduced from regression analysis on Browse sources, the next best thing is to capture the communication between Browse and the network on 11.3.1 in order to replicate it on 13.2.
comment:5 Changed 10 years ago by godiard
Add here a conversation with Matthew:
I think we need look at this as a opportunity to fix Browse properly.
While creating a Firefox activity can be a workaround,
after that, you will find 100 problems.
Sugarized applications are never perfectly integrated.
We need understand what is doing Firefox different:
- Show to the user a dialog and add the user name/password to a database?
- Store a certificate?
- Where?
- There are a file cert8.db?
- Can we get a certificate file?
In the directory /home/olpc/Browse.activity/ we have a file cert8.db, and in theory Browse is using it.
I have tried use certutil to install a certificate, like [1]
using the file SAEDURootCA.cer from http://dev.laptop.org.au/issues/1774
but tell me "The certificate database is in an old, unsupported format"
Now, that file can be old or broken, because when I do (in my desktop):
certutil -d /home/gonzalo/.mozilla/firefox/gbfnonsw.default -L
I can see a list of installed certificates, but if I do the same in the Browse directory get:
certutil -d /home/gonzalo/Activities/Browse.activity -L
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
Is possible try copy the firefox cert8.db file to the Browse.activity directory and see if that solves the problem?
If that work, we need see if we can install the needed certificates using certutil or something else.
As you can see, more questions than replies, but I hope this help.
Gonzalo
comment:6 Changed 10 years ago by mmack
- Keywords AU added
I need more information about this issue.
The certificate is needed by the proxy or by the connection?
Also, I have downloaded FS70_412install_saedu_ca0.sh, but that use /usr/bin/security
and looking at google, looks like a apple tool.
What happen if the certificate is not installed? Web navigation is not possible?