Home  
Login
Username:

Password:

Remember me



Lost Password?

Register now!
Sections
Who's Online
72 user(s) are online (62 user(s) are browsing Forums)

Members: 1
Guests: 71

orgin, more...
Support us!
Recent OS4 Files
OS4Depot.net





CA certificates
Just popping in
Joined:
2006/12/18 1:32
From Hawaii
Posts: 221
Attempts to get statement from my bank fail with this "error":

Peer certificate cannot be authenticated with known CA certificates

I don't suppose there is a way to fix this for OWB?

   Report Go to top

Re: CA certificates
Just popping in
Joined:
2007/2/14 15:50
From Australia
Posts: 61
I guess it would also depend on if you still want to trust the SSL. Basically, it can't confirm that the SSL is correct or not so it may be a fake.

Since it is a bank, unless you know for sure it is legitimate, I would err on the side of caution.

   Report Go to top

Re: CA certificates
Home away from home
Joined:
2007/5/19 13:23
From England
Posts: 3487
Try downloading http://curl.haxx.se/ca/cacert.pem , renaming it to curl-ca-bundle.crt , and then replacing the file in OWB's resources folder.

OWB's file is horribly out of date (2 years old!) and it should really have been updated in the OWB archive itself.

_________________
Author of the PortablE programming language.
I love using Amiga OS4.1
It is pitch black. You are likely to be eaten by a grue...
   Report Go to top

Re: CA certificates
Just can't stay away
Joined:
2007/2/23 13:49
From Finland, the land of Santa, sauna, sisu and salmiakki
Posts: 1059
I've noticed downloading and installing that latest cert file can make some sites like f.ex. Facebook not working any more. I switched back to some older version.

_________________
Rock lobster bit me, so excuse me.
X1000 + AmigaOS 4.1 FE. Be authentic.
"Anyone can build a fast CPU. The trick is to build a fast system." - Seymour Cray
   Report Go to top

Re: CA certificates
Not too shy to talk
Joined:
2006/11/27 8:32
From California - S.F. Bay area
Posts: 370
@TSK

I noticed the same problem with Amazon after installing the latest version.

_________________
Look, only one leg, count em, one!
X1000/PA6T@1800MHz/2Gb/Radeon XFX r9 270

   Report Go to top

Re: CA certificates
Quite a regular
Joined:
2009/4/28 3:57
From Adelaide, Australia
Posts: 817
Fix is here: http://amigaworld.net/modules/newbb/v ... topic_id=34010&forum=32&8

Well, if you ignore the certificates.

   Report Go to top

Re: CA certificates
Not too shy to talk
Joined:
2006/11/27 8:32
From California - S.F. Bay area
Posts: 370
@kilaueabart

From the OWB readme, might work.

WEBKIT_IGNORE_SSL_ERRORS: If set (content doesn't matter) SSL errors,
for example if certificate can't be authenticated, are ignored.

_________________
Look, only one leg, count em, one!
X1000/PA6T@1800MHz/2Gb/Radeon XFX r9 270

   Report Go to top

Re: CA certificates
Home away from home
Joined:
2006/11/26 21:45
From A haunted Castle somewhere in the Bavarian Mountains
Posts: 2878
http://github.com/ refuses to load aswell with the latest cert from the aforementioned website

_________________
If slaughterhouses had glass walls, everyone would be a vegetarian. ~ Sir Paul McCartney
-
Did everything just taste purple for a second? ~ Philip J. Fry
-
Ain't got no cash, ain't got no style, ladies vomit when I smile. ~ Dr. John Zoidberg
   Report Go to top

Re: CA certificates
Just popping in
Joined:
2006/12/18 1:32
From Hawaii
Posts: 221
"sicky"'s problem sounds very much like mine, and we have about the same result after trying the
suggested fixes. (I notice that the new curl-ca-bundle.crt is 11K shorter than the old one; could that
cause other problems?)

One difference is that so far I can access my bank, and view and/or download recent activity, make
transfers, etc. The only thing I know I can't do is look at my official monthly statement.

   Report Go to top

Re: CA certificates
Not too shy to talk
Joined:
2006/12/3 15:30
From Essex, UK
Posts: 416
@ChrisH
Quote:
Try downloading http://curl.haxx.se/ca/cacert.pem , renaming it to curl-ca-bundle.crt , and then replacing the file in OWB's resources folder.


Ah at last, this is now working for me thanks Chris

_________________
SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.
   Report Go to top

Re: CA certificates
Just popping in
Joined:
2006/12/18 1:32
From Hawaii
Posts: 221
Quote:

sicky wrote:
@ChrisH

Ah at last, this is now working for me thanks Chris


Hey, me too! Thanks, sicky (and Chris?).

OT: I guess Essex is north of the Sussexes?

   Report Go to top

Re: CA certificates
Not too shy to talk
Joined:
2006/12/3 15:30
From Essex, UK
Posts: 416
@kilaueabart

Quote:
Hey, me too! Thanks, sicky (and Chris?). OT: I guess Essex is north of the Sussexes?


It was ChrisH in this thread (ANT member and friend) who pointed out where to find the working certificate.

And yes Essex is north of Sussex, Essex is on north bank of Thames and Sussex on South coast, ironically although I live in Essex currently in my caravan in East Sussex (Camber Sands) on a little holiday

_________________
SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.
   Report Go to top

Re: CA certificates
Just popping in
Joined:
2006/12/18 1:32
From Hawaii
Posts: 221
Quote:

sicky wrote:
@kilaueabart

It was ChrisH in this thread (ANT member and friend) who pointed out where
to find the working certificate.


By golly, so it was! And the curiouser thing is, his fix is the one I tried and it
didn't work then, but now does. I'm sure I had rebooted; maybe it had to be a
complete machine reboot?

My daughter and grandsons live in Lewes, East Sussex. That's what made
me wonder about Essex proper, although I should have noticed it when I
visited them for three weeks in 1998.


   Report Go to top

Re: CA certificates
Not too shy to talk
Joined:
2006/12/3 15:30
From Essex, UK
Posts: 416
@kilaueabart

Quote:
By golly, so it was! And the curiouser thing is, his fix is the one I tried and it didn't work then, but now does. I'm sure I had rebooted; maybe it had to be a complete machine reboot?


I think that one was slightly different from one that was posted previously, the one installed now is the latest I believe!


_________________
SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.
   Report Go to top

Re: CA certificates
Just popping in
Joined:
2006/12/18 1:32
From Hawaii
Posts: 221
I thought it was the new http://curl.haxx.se/ca/cacert.pem file I put in OWB/Resources as curl-ca-bundle.crt that had fixed my problem, but I was completely wrong!

For one thing, it turns out not to have been the 264046 byte August 30 file that I had there, but a 68545 old one that I'm not sure where I got.

It took me quite some time (I've become rather senile) to figure out what was up. It started when I discovered that I couldn't fix mui-owb on my AmigaOne with that same file that I thought had cured OWB 3.32. Then I found out that it wouldn't fix either mui-owb or OWB 3.32 on my SAM460.

In the process of trying to find one of the various curl-ca-bundle.crt files I had available on disk (the two mentioned above, plus a 225828 model from 2009-09-22 and the 370603 byte one from 2011-03-09 that I think I got from a URL earlier in this thread. *Everything* worked with OWB 3.32; none worked with mui-owb.

Then I found out that OWB 3.32 didn't need any curl-ca- file; I could still get my statement from my bank.

It turns out that I had taken the advice to put a file reading "1" and named WEBKIT_IGNORE_SSL_ERRORS in Env-Archive that had done the trick.

Unfortunately that doesn't effect mui-owb, but that's a different forum. In a few moments I will check whether it works on OWB on the SAM.

   Report Go to top

Re: CA certificates
Just popping in
Joined:
2006/12/18 1:32
From Hawaii
Posts: 221
Quote:

kilaueabart wrote:

It took me quite some time (I've become rather senile) to figure out what was up. It started when I discovered that I couldn't fix mui-owb on my AmigaOne with that same file that I thought had cured OWB 3.32. Then I found out that it wouldn't fix either mui-owb or OWB 3.32 on my SAM460.

In the process of trying to find one of the various curl-ca-bundle.crt files I had available on disk (the two mentioned above, plus a 225828 model from 2009-09-22 and the 370603 byte one from 2011-03-09 that I think I got from a URL earlier in this thread. *Everything* worked with OWB 3.32; none worked with mui-owb.

Then I found out that OWB 3.32 didn't need any curl-ca- file; I could still get my statement from my bank.

It turns out that I had taken the advice to put a file reading "1" and named WEBKIT_IGNORE_SSL_ERRORS in Env-Archive that had done the trick.

Unfortunately that doesn't effect mui-owb, but that's a different forum. In a few moments I will check whether it works on OWB on the SAM.


It does, but more importantly I found the "Ignore SSL errors" in the muiowb configuration that you guys were all keeping secret from me and can now get my bank statements with muiowb on either machine!

   Report Go to top

Re: CA certificates
Just can't stay away
Joined:
2006/12/1 18:01
From Copenhagen, Denmark
Posts: 1028
Quote:
kilaueabart wrote:
In the process of trying to find one of the various curl-ca-bundle.crt files I had available on disk (the two mentioned above, plus a 225828 model from 2009-09-22 and the 370603 byte one from 2011-03-09 that I think I got from a URL earlier in this thread. *Everything* worked with OWB 3.32; none worked with mui-owb.

Then I found out that OWB 3.32 didn't need any curl-ca- file; I could still get my statement from my bank.
Are you sure you don't have another copy of (some version of) the file in DEVS:? OWB can read it from there as well.

Best regards,

Niels

   Report Go to top

Re: CA certificates
Just popping in
Joined:
2006/12/18 1:32
From Hawaii
Posts: 221
Quote:

nbache wrote:
Quote:
kilaueabart wrote:
[...] I found out that OWB 3.32 didn't need any curl-ca- file; I could still get my statement from my bank.
Are you sure you don't have another copy of (some version of) the file in DEVS:? OWB can read it from there as well.
Pretty sure. Unless it's disguised as AmiSSL/Certs.

One way I went wrong is I thought the bank was keeping me out because I didn't have
the right certification and they thought I might be some kind of hacker.
Now I realize that the browsers are trying to protect me from potential bad guys, and
all I need to do is say, I don't need your protection right now.
With the original OWB I have to tell Env-Archive; with muiowb, it's part of Preferences.

   Report Go to top





[Advanced Search]


Powered by XOOPS 2.0 © 2001-2016 The XOOPS Project