
Re: Fedora User Certificates



Martin Sourada wrote:
> On Fri, 2008-08-22 at 10:20 -0500, Dennis Gilmore wrote:
>> Effective immediately we have replaced the CA that is in use for cvs.fedoraproject.org and koji.fedoraproject.org. This affects uploading to lookaside cache and building packages.
>>
>> There are some manual steps that everyone needs to do to be able to use the systems again.
>>
>> They are: log in to https://admin.fedoraproject.org/accounts/ and click on the "Download a client-side certificate" link at the bottom of the home page. Save the output to ~/.fedora.cert
>>
>> rm ~/.fedora-server-ca.cert ~/.fedora-upload-ca.cert
>> fedora-packager-setup
>>
>> Then open your browser, go to Edit -> Preferences -> Advanced -> Encryption -> View Certificates -> Your Certificates. Select your existing certificate and remove it, then import the new one from ~/fedora-browser-cert.p12. You will be able to log in to koji.
>
> I did this and I am still not able to log in to koji (trying with epiphany and firefox). This error pops out:
>
> Secure Connection Failed
>
> An error occurred during a connection to koji.fedoraproject.org.
>
> Peer does not recognize and trust the CA that issued your certificate.
>
> (Error code: ssl_error_unknown_ca_alert)
>
> The page you are trying to view can not be shown because the
> authenticity of the received data could not be verified.
>
>     * Please contact the web site owners to inform them of this problem.
>
> Is it me, or is it a koji problem?
>
> Thanks,
> Martin

Parts of the Fedora infrastructure do not use certificates issued by a
CA already trusted by Firefox, but from Fedora's own certificate authority.

If you decide to trust Fedora to issue certificates that can identify
web sites, you could decide to import that CA cert to your set of
trusted roots.

You could go to https://admin.fedoraproject.org/fingerprints and install
the CA certificate available from the bottom of that page.

(Unfortunately the MIME type currently is not application/x-x509-ca-cert
so you have to save that file, and then open it, you might even have to
go to certificate manager and open the authorities tab, then import from
there.)

You can confirm the origin of the certificate by comparing the
fingerprint presented by Firefox with the one listed on the fingerprints
page (at least you'll know that the fingerprints page and the CA are
controlled by the same people).

Hope that helps,
Kai
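
The fingerprint comparison described in the reply above can be scripted before a downloaded CA file is imported. This is an added example, not part of the original message or of Fedora's tooling; the function names are hypothetical and the sample "certificate" is constructed placeholder bytes. A match shows only that the file is the one the fingerprints page describes.

```python
import base64
import hashlib
import hmac
import re

# The digest is chosen from the length of the published fingerprint (hex chars).
_DIGEST_BY_HEX_LEN = {40: "sha1", 64: "sha256"}
_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem_text):
    """Return the DER bytes of the single certificate in pem_text."""
    blocks = _PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        # A bundle would make it unclear which certificate was checked.
        raise ValueError("expected exactly one certificate, found %d" % len(blocks))
    return base64.b64decode("".join(blocks[0].split()), validate=True)


def normalize(fingerprint):
    """Drop colons and whitespace and lowercase, so 'AB:CD' equals 'abcd'."""
    hexstr = re.sub(r"[\s:]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]+", hexstr) or len(hexstr) not in _DIGEST_BY_HEX_LEN:
        raise ValueError("not a SHA-1 or SHA-256 fingerprint")
    return hexstr


def fingerprint_matches(pem_text, published):
    """True if the certificate's fingerprint equals the published one."""
    want = normalize(published)
    algo = _DIGEST_BY_HEX_LEN[len(want)]
    got = hashlib.new(algo, pem_to_der(pem_text)).hexdigest()
    return hmac.compare_digest(got, want)


def colon_hex(der, algo="sha1"):
    """Format a fingerprint the way certificate viewers display it."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed sample: placeholder bytes wrapped as PEM, NOT a real certificate.
SAMPLE_DER = b"constructed placeholder bytes standing in for a CA certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode() + "\n"
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    published = colon_hex(SAMPLE_DER)  # stands in for the value shown on the web page
    print("match" if fingerprint_matches(SAMPLE_PEM, published) else "MISMATCH")
```
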


