FC5t1: SSL not working (https, pops), what I'm missing?
Kimmo Koivisto
kimmo.koivisto at surfeu.fi
Sat Nov 26 22:20:02 UTC 2005
Hello
I installed FC5t1, minimal installation. Then I added kde stuff with yum and
kde is now working quite well. Problem is that I cannot use any SSL
connections :(
1. When I try use https in konqueror to the solo1.nordea.fi, I get "error
connecting to https://solo1.nordea.fi"
2. Kmail is not able to use SSL with pop
3. I cannot add any CA certificates to the CA-list
Firewall does not block anything, these worked with FC4.
Any ideas?
Regards
Kimmo Koivisto
<openssl s_client output from SSL handshake>
openssl s_client -host solo1.nordea.fi -port 443
CONNECTED(00000003)
depth=0 /C=FI/ST=Finland/L=Helsinki/O=Nordea Bank Finland Plc/OU=Electronic
Banking/CN=SOLO1.NORDEA.FI
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=FI/ST=Finland/L=Helsinki/O=Nordea Bank Finland Plc/OU=Electronic
Banking/CN=SOLO1.NORDEA.FI
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=FI/ST=Finland/L=Helsinki/O=Nordea Bank Finland Plc/OU=Electronic
Banking/CN=SOLO1.NORDEA.FI
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=FI/ST=Finland/L=Helsinki/O=Nordea Bank Finland Plc/OU=Electronic
Banking/CN=SOLO1.NORDEA.FI
i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID0jCCAz+gAwIBAgIQOBs+it9vB/8biWMWb1K2SjANBgkqhkiG9w0BAQUFADBf
MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4x
LjAsBgNVBAsTJVNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
HhcNMDUwNDE0MDAwMDAwWhcNMDYwNDE0MjM1OTU5WjCBizELMAkGA1UEBhMCRkkx
EDAOBgNVBAgTB0ZpbmxhbmQxETAPBgNVBAcUCEhlbHNpbmtpMSAwHgYDVQQKFBdO
b3JkZWEgQmFuayBGaW5sYW5kIFBsYzEbMBkGA1UECxQSRWxlY3Ryb25pYyBCYW5r
aW5nMRgwFgYDVQQDFA9TT0xPMS5OT1JERUEuRkkwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAPHU4oFz1tuixpk0svx4wXwT80+aBW+gDf1pXcVz+idfY1eLWZz8
u96ZXqwED+1rB4fal7w9W9rGoMqXHKfNIvUrO1tElegPCwZji/MkKmIQz/euXzQy
iX+8N/s0PdamN0YnwV0TP4tmFyXebQfthXR/H2/wCGKExOUo+SPWuf5RAgMBAAGj
ggFkMIIBYDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDA8BgNVHR8ENTAzMDGgL6At
hitodHRwOi8vY3JsLnZlcmlzaWduLmNvbS9SU0FTZWN1cmVTZXJ2ZXIuY3JsMEQG
A1UdIAQ9MDswOQYLYIZIAYb4RQEHFwMwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93
d3cudmVyaXNpZ24uY29tL3JwYTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJp
c2lnbi5jb20wbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEw
HzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28u
dmVyaXNpZ24uY29tL3ZzbG9nby5naWYwDQYJKoZIhvcNAQEFBQADfgA2FnoXFPr8
90IVyt3BMluh2JMEe1Twe2dVGqT/t8HBfgYLs565yuJUe7SHEpZtwEq52Xendofk
6yOemQltfV9lXlBpuJiozGKU99OipcV9TBaqlngDNEPslhEe/U5/Fwxu8GGyY/cS
KEl2zICN+zMKg8IdtHVlojjn2rRDzw==
-----END CERTIFICATE-----
subject=/C=FI/ST=Finland/L=Helsinki/O=Nordea Bank Finland Plc/OU=Electronic
Banking/CN=SOLO1.NORDEA.FI
issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
Authority
---
No client certificate CA names sent
---
SSL handshake has read 1144 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
82ADB28FE12199AA96B200B7270CF61C5EA6E644E037D16426A112D1B08E79B7
Session-ID-ctx:
Master-Key:
3661E6C583DF7552D38AB72CD148EF00E1C336EC8827F47B787D5F207A4896496A550EB437BCDAD854A50FF92040DC83
Key-Arg : None
Krb5 Principal: None
Start Time: 1133043403
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
</openssl s_client output from SSL handshake>
More information about the fedora-test-list
mailing list