Login
Username:

Password:

Remember me



Lost Password?

Register now!

Sections

Who's Online
95 user(s) are online (54 user(s) are browsing Forums)

Members: 0
Guests: 95

more...

Headlines

 
  Register To Post  

CA certificates
Just popping in
Just popping in


See User information
Attempts to get statement from my bank fail with this "error":

Peer certificate cannot be authenticated with known CA certificates

I don't suppose there is a way to fix this for OWB?

Go to top
Re: CA certificates
Just popping in
Just popping in


See User information
I guess it would also depend on if you still want to trust the SSL. Basically, it can't confirm that the SSL is correct or not so it may be a fake.

Since it is a bank, unless you know for sure it is legitimate, I would err on the side of caution.

Go to top
Re: CA certificates
Home away from home
Home away from home


See User information
Try downloading http://curl.haxx.se/ca/cacert.pem , renaming it to curl-ca-bundle.crt , and then replacing the file in OWB's resources folder.

OWB's file is horribly out of date (2 years old!) and it should really have been updated in the OWB archive itself.

Author of the PortablE programming language.
Go to top
Re: CA certificates
Just can't stay away
Just can't stay away


See User information
I've noticed downloading and installing that latest cert file can make some sites like f.ex. Facebook not working any more. I switched back to some older version.

Rock lobster bit me - so I'm here forever
X1000 + AmigaOS 4.1 FE
"Anyone can build a fast CPU. The trick is to build a fast system." - Seymour Cray
Go to top
Re: CA certificates
Not too shy to talk
Not too shy to talk


See User information
@TSK

I noticed the same problem with Amazon after installing the latest version.

Look, only one leg, count em, one!
X1000/PA6T@1800MHz/2Gb/Radeon 4850

Go to top
Re: CA certificates
Quite a regular
Quite a regular


See User information
Fix is here: http://amigaworld.net/modules/newbb/v ... topic_id=34010&forum=32&8

Well, if you ignore the certificates.

Go to top
Re: CA certificates
Not too shy to talk
Not too shy to talk


See User information
@kilaueabart

From the OWB readme, might work.

WEBKIT_IGNORE_SSL_ERRORS: If set (content doesn't matter) SSL errors,
for example if certificate can't be authenticated, are ignored.

Look, only one leg, count em, one!
X1000/PA6T@1800MHz/2Gb/Radeon 4850

Go to top
Re: CA certificates
Home away from home
Home away from home


See User information
http://github.com/ refuses to load aswell with the latest cert from the aforementioned website

People are dying.
Entire ecosystems are collapsing.
We are in the beginning of a mass extinction.
And all you can talk about is money and fairytales of eternal economic growth.
How dare you!
– Greta Thunberg
Go to top
Re: CA certificates
Just popping in
Just popping in


See User information
"sicky"'s problem sounds very much like mine, and we have about the same result after trying the
suggested fixes. (I notice that the new curl-ca-bundle.crt is 11K shorter than the old one; could that
cause other problems?)

One difference is that so far I can access my bank, and view and/or download recent activity, make
transfers, etc. The only thing I know I can't do is look at my official monthly statement.

Go to top
Re: CA certificates
Not too shy to talk
Not too shy to talk


See User information
@ChrisH
Quote:
Try downloading http://curl.haxx.se/ca/cacert.pem , renaming it to curl-ca-bundle.crt , and then replacing the file in OWB's resources folder.


Ah at last, this is now working for me thanks Chris

SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.
Go to top
Re: CA certificates
Just popping in
Just popping in


See User information
Quote:

sicky wrote:
@ChrisH

Ah at last, this is now working for me thanks Chris


Hey, me too! Thanks, sicky (and Chris?).

OT: I guess Essex is north of the Sussexes?

Go to top
Re: CA certificates
Not too shy to talk
Not too shy to talk


See User information
@kilaueabart

Quote:
Hey, me too! Thanks, sicky (and Chris?). OT: I guess Essex is north of the Sussexes?


It was ChrisH in this thread (ANT member and friend) who pointed out where to find the working certificate.

And yes Essex is north of Sussex, Essex is on north bank of Thames and Sussex on South coast, ironically although I live in Essex currently in my caravan in East Sussex (Camber Sands) on a little holiday

SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.
Go to top
Re: CA certificates
Just popping in
Just popping in


See User information
Quote:

sicky wrote:
@kilaueabart

It was ChrisH in this thread (ANT member and friend) who pointed out where
to find the working certificate.


By golly, so it was! And the curiouser thing is, his fix is the one I tried and it
didn't work then, but now does. I'm sure I had rebooted; maybe it had to be a
complete machine reboot?

My daughter and grandsons live in Lewes, East Sussex. That's what made
me wonder about Essex proper, although I should have noticed it when I
visited them for three weeks in 1998.


Go to top
Re: CA certificates
Not too shy to talk
Not too shy to talk


See User information
@kilaueabart

Quote:
By golly, so it was! And the curiouser thing is, his fix is the one I tried and it didn't work then, but now does. I'm sure I had rebooted; maybe it had to be a complete machine reboot?


I think that one was slightly different from one that was posted previously, the one installed now is the latest I believe!


SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.
Go to top
Re: CA certificates
Just popping in
Just popping in


See User information
I thought it was the new http://curl.haxx.se/ca/cacert.pem file I put in OWB/Resources as curl-ca-bundle.crt that had fixed my problem, but I was completely wrong!

For one thing, it turns out not to have been the 264046 byte August 30 file that I had there, but a 68545 old one that I'm not sure where I got.

It took me quite some time (I've become rather senile) to figure out what was up. It started when I discovered that I couldn't fix mui-owb on my AmigaOne with that same file that I thought had cured OWB 3.32. Then I found out that it wouldn't fix either mui-owb or OWB 3.32 on my SAM460.

In the process of trying to find one of the various curl-ca-bundle.crt files I had available on disk (the two mentioned above, plus a 225828 model from 2009-09-22 and the 370603 byte one from 2011-03-09 that I think I got from a URL earlier in this thread. *Everything* worked with OWB 3.32; none worked with mui-owb.

Then I found out that OWB 3.32 didn't need any curl-ca- file; I could still get my statement from my bank.

It turns out that I had taken the advice to put a file reading "1" and named WEBKIT_IGNORE_SSL_ERRORS in Env-Archive that had done the trick.

Unfortunately that doesn't effect mui-owb, but that's a different forum. In a few moments I will check whether it works on OWB on the SAM.

Go to top
Re: CA certificates
Just popping in
Just popping in


See User information
Quote:

kilaueabart wrote:

It took me quite some time (I've become rather senile) to figure out what was up. It started when I discovered that I couldn't fix mui-owb on my AmigaOne with that same file that I thought had cured OWB 3.32. Then I found out that it wouldn't fix either mui-owb or OWB 3.32 on my SAM460.

In the process of trying to find one of the various curl-ca-bundle.crt files I had available on disk (the two mentioned above, plus a 225828 model from 2009-09-22 and the 370603 byte one from 2011-03-09 that I think I got from a URL earlier in this thread. *Everything* worked with OWB 3.32; none worked with mui-owb.

Then I found out that OWB 3.32 didn't need any curl-ca- file; I could still get my statement from my bank.

It turns out that I had taken the advice to put a file reading "1" and named WEBKIT_IGNORE_SSL_ERRORS in Env-Archive that had done the trick.

Unfortunately that doesn't effect mui-owb, but that's a different forum. In a few moments I will check whether it works on OWB on the SAM.


It does, but more importantly I found the "Ignore SSL errors" in the muiowb configuration that you guys were all keeping secret from me and can now get my bank statements with muiowb on either machine!

Go to top
Re: CA certificates
Just can't stay away
Just can't stay away


See User information
Quote:
kilaueabart wrote:
In the process of trying to find one of the various curl-ca-bundle.crt files I had available on disk (the two mentioned above, plus a 225828 model from 2009-09-22 and the 370603 byte one from 2011-03-09 that I think I got from a URL earlier in this thread. *Everything* worked with OWB 3.32; none worked with mui-owb.

Then I found out that OWB 3.32 didn't need any curl-ca- file; I could still get my statement from my bank.
Are you sure you don't have another copy of (some version of) the file in DEVS:? OWB can read it from there as well.

Best regards,

Niels

Go to top
Re: CA certificates
Just popping in
Just popping in


See User information
Quote:

nbache wrote:
Quote:
kilaueabart wrote:
[...] I found out that OWB 3.32 didn't need any curl-ca- file; I could still get my statement from my bank.
Are you sure you don't have another copy of (some version of) the file in DEVS:? OWB can read it from there as well.
Pretty sure. Unless it's disguised as AmiSSL/Certs.

One way I went wrong is I thought the bank was keeping me out because I didn't have
the right certification and they thought I might be some kind of hacker.
Now I realize that the browsers are trying to protect me from potential bad guys, and
all I need to do is say, I don't need your protection right now.
With the original OWB I have to tell Env-Archive; with muiowb, it's part of Preferences.

Go to top
Re: CA certificates
Quite a regular
Quite a regular


See User information
@ChrisH

Quote:
Try downloading http://curl.haxx.se/ca/cacert.pem , renaming it to curl-ca-bundle.crt , and then replacing the file in OWB's resources folder.

OWB's file is horribly out of date (2 years old!) and it should really have been updated in the OWB archive itself.


Thanks Chris, I could not remember the link and the bookmark. And Google was not my friend today..
but my fault, I searched for curl_ca_bundle..

Go to top

  Register To Post

 




Currently Active Users Viewing This Thread: 1 ( 0 members and 1 Anonymous Users )




Powered by XOOPS 2.0 © 2001-2023 The XOOPS Project