Active Topics
-
Is there a section to talk about Java ME? Apps, etc. (5)
to General by teroyk - 5 days, 18 hrs ago -
Extra softwares in Sailfish using CLI, repositories, etc (118)
to SailfishOS by nieldk - 5 days, 23 hrs ago -
Paths (0)
to Maemo 7 / Leste by teroyk - 6 days, 21 hrs ago - more...
 |
|
2011-08-30
, 14:56
|
|
Posts: 451 |
Thanked: 424 times |
Joined on Apr 2010
@ England
|
#3
|
I manually deleted diginotars certificate on my laptop (as per mozilla's instructions), and then copied the cert8.db file from within the firefox directory to the phone.
Going to https://www.diginotar.com/ presented me with an invalid certificate, so it's working.
Edit: You could also use certutil to remove just the one certificate, you'll have to copy your cert8.db over to a computer that can run the certutil program, and the copy the database back over.
Last edited by jd4200; 2011-08-30 at 15:03.
Going to https://www.diginotar.com/ presented me with an invalid certificate, so it's working.
Edit: You could also use certutil to remove just the one certificate, you'll have to copy your cert8.db over to a computer that can run the certutil program, and the copy the database back over.
Last edited by jd4200; 2011-08-30 at 15:03.
|
|
2011-08-30
, 15:07
|
|
Posts: 115 |
Thanked: 342 times |
Joined on Dec 2010
|
#4
|
This is very important. And it seems there is no way to manage certificates on maemo, which is a shame. So yeah, as jd4200 said, simply delete the certificate on your computer, then copy the cert8.db to /home/user/.mozilla/microb/. Not sure how microb makes usage of OCSP.
Edit: better this http://talk.maemo.org/showpost.php?p...7&postcount=12 and http://talk.maemo.org/showpost.php?p...86&postcount=7
Anyway, it's an OS from October 2010. I bet there much much more security issues, probably even remote :-).
Last edited by NIN101; 2011-08-31 at 14:42.
Edit: better this http://talk.maemo.org/showpost.php?p...7&postcount=12 and http://talk.maemo.org/showpost.php?p...86&postcount=7
Anyway, it's an OS from October 2010. I bet there much much more security issues, probably even remote :-).
Last edited by NIN101; 2011-08-31 at 14:42.
 |
|
2011-08-30
, 15:12
|
|
Posts: 361 |
Thanked: 219 times |
Joined on Sep 2010
|
#5
|
Originally Posted by jd4200
I am not sure if cert8.db from another machine contains all the necessary certificates for N900.
I manually deleted diginotars certificate on my laptop (as per mozilla's instructions), and then copied the cert8.db file from within the firefox directory to the phone.
Going to https://www.diginotar.com/ presented me with an invalid certificate, so it's working.
Edit: You could also use certutil to remove just the one certificate, you'll have to copy your cert8.db over to a computer that can run the certutil program, and the copy the database back over.
It think this only helps for Fennec.
Anyway: I contacted a security email address at Nokia, let's see, if they answer.
| The Following 3 Users Say Thank You to PMaff For This Useful Post: | ||
|
|
2011-08-30
, 15:18
|
|
Posts: 115 |
Thanked: 342 times |
Joined on Dec 2010
|
#6
|
I am not sure if cert8.db from another machine contains all the necessary certificates for N900.
Anyway, OCSP in microb:
security.OCSP.enabled=1
security.OCSP.require=false
Which means AFAIK: "Contact an OCSP server if the certificate has one listed. If not, then do not. " "Also, if the connection to the OCSP server fails, do not think it is invalid/revoked."
But I would not rely on OCSP anyway. However, some people might want to change this.
Last edited by NIN101; 2011-08-30 at 15:25.
|
|
2011-08-31
, 08:01
|
|
Posts: 3,617 |
Thanked: 2,412 times |
Joined on Nov 2009
@ Cambridge, UK
|
#7
|
Originally Posted by NIN101
For microb, just point your browser to chrome://pippki/content/certManager.xul (I've set up a bookmark for this) to get access to the certificate management interface.
This is very important. And it seems there is no way to manage certificates on maemo, which is a shame.
|
|
2011-08-31
, 11:50
|
|
Posts: 227 |
Thanked: 53 times |
Joined on Feb 2008
@ Lyon, France
|
#8
|
Originally Posted by Rob1n
After trying to remove the DigiNotar root CA certificate with this, https no longer works at all! I just get a blank window for any https URL I try. It seems that the browser still tries to connect...
For microb, just point your browser to chrome://pippki/content/certManager.xul (I've set up a bookmark for this) to get access to the certificate management interface.
|
|
2011-08-31
, 12:20
|
|
Posts: 3,617 |
Thanked: 2,412 times |
Joined on Nov 2009
@ Cambridge, UK
|
#9
|
Originally Posted by vinc17
No idea how that's happened - it won't actually let you remove the certificate anyway (it appears to work, but re-opening the certificate manager shows it back again).
After trying to remove the DigiNotar root CA certificate with this, https no longer works at all! I just get a blank window for any https URL I try. It seems that the browser still tries to connect...
|
|
2011-08-31
, 12:42
|
|
Posts: 227 |
Thanked: 53 times |
Joined on Feb 2008
@ Lyon, France
|
#10
|
Originally Posted by Rob1n
Yes, I noticed that. That's why I removed the certificate 8868bfe08e35c43b386b62f7283b8481c80cd74d.pem manually from /etc/certs/common-ca and the corresponding symlink (c0cafbd2.0).
No idea how that's happened - it won't actually let you remove the certificate anyway (it appears to work, but re-opening the certificate manager shows it back again).
Actually the browser (the backend) crashes (the coredump has been uploaded by the crash reporter). This explains why the UI remains in the same state.
Mozilla was informed today about the issuance of at least one fraudulent SSL certificate for public websites belonging to Google, Inc. This is not a Firefox-specific issue, and the certificate has now been revoked by its issuer, DigiNotar. This should protect most users.
..."
http://blog.mozilla.com/security/201...m-certificate/
and
http://www.h-online.com/open/news/it...s-1333088.html
Can we switch that off for our browsers (MicroB,Fennec, Opera)?
See also
http://support.mozilla.com/en-US/kb/...inotar-ca-cert
Certificate Manager (in Settings) only allows to import a certificate.
How do I delete one?
Last edited by PMaff; 2011-11-01 at 17:27.