On 02/25/11 07:29, Marc Shapiro wrote:
On 02/25/11 04:01, Camaleón wrote:On Thu, 24 Feb 2011 20:37:52 -0800, Marc Shapiro wrote:I am using Firefox, not Iceweasel, but I think this question should apply in either case. I am trying to connect to work using the Citrix client. I used to get a warning that the certificate was not recognized and do I want to continue, or not. I am no longer getting the warning, but Firefox is assuming that I have said NOT to accept the certificate and it is closing the connection. How do I get the warning and question back.Try to open a brand-new session for Firefox, for example, by running it as another user or by creating a new profile.The client is currently set up just for me, not systemwide. However, there is a newer version, so I could uninstall the old version and the install the new one as root so it will be systemwide.You can also try to start firefox from command line.BTW, this is happening with Opera and Kazehakase, as well, not just Firefox. Is there some place that all of these browsers would look to define this behavior?I've always thought that every browser handles their certificates database (and warnings) independently, but I agree it must a commom point here as all browsers are failing in the same manner. How about your Citrix client? Does it have any settings to manage SSL certificates?I don't know. This is the standard linux client provided by Citrix. Marc
Th actual error that I am getting is:You have not chosen to trust "VeriSign 3 Public Primary Certification Authority - G3", the issuer of the server's security certificate (SSL error 61).
The contents of /etc/ca-certificates.conf is: # This file lists certificates that you wish to use or to ignore to be # installed in /etc/ssl/certs. # update-ca-certificates(8) will update /etc/ssl/certs by reading this file. # # This is autogenerated by dpkg-reconfigure ca-certificates. # certificates shoule be installed under /usr/share/ca-certificates # and files with extension '.crt' is recognized as available certs. # # line begins with # is comment. # line begins with ! is certificate filename to be deselected. # brasil.gov.br/brasil.gov.br.crt !cacert.org/cacert.org.crt mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt mozilla/AOL_Time_Warner_Root_Certification_Authority_1.crt mozilla/AOL_Time_Warner_Root_Certification_Authority_2.crt mozilla/AddTrust_External_Root.crt mozilla/AddTrust_Low-Value_Services_Root.crt mozilla/AddTrust_Public_Services_Root.crt mozilla/AddTrust_Qualified_Certificates_Root.crt mozilla/America_Online_Root_Certification_Authority_1.crt mozilla/America_Online_Root_Certification_Authority_2.crt mozilla/Baltimore_CyberTrust_Root.crt mozilla/Certum_Root_CA.crt mozilla/Comodo_AAA_Services_root.crt mozilla/Comodo_Secure_Services_root.crt mozilla/Comodo_Trusted_Services_root.crt mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt mozilla/Digital_Signature_Trust_Co._Global_CA_2.crt mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt mozilla/Digital_Signature_Trust_Co._Global_CA_4.crt mozilla/Entrust.net_Global_Secure_Personal_CA.crt mozilla/Entrust.net_Global_Secure_Server_CA.crt mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt mozilla/Entrust.net_Secure_Personal_CA.crt mozilla/Entrust.net_Secure_Server_CA.crt mozilla/Equifax_Secure_CA.crt mozilla/Equifax_Secure_Global_eBusiness_CA.crt mozilla/Equifax_Secure_eBusiness_CA_1.crt mozilla/Equifax_Secure_eBusiness_CA_2.crt mozilla/GTE_CyberTrust_Global_Root.crt mozilla/GTE_CyberTrust_Root_CA.crt mozilla/GeoTrust_Global_CA.crt mozilla/GlobalSign_Root_CA.crt mozilla/IPS_CLASE1_root.crt mozilla/IPS_CLASE3_root.crt mozilla/IPS_CLASEA1_root.crt mozilla/IPS_CLASEA3_root.crt mozilla/IPS_Chained_CAs_root.crt mozilla/IPS_Servidores_root.crt mozilla/IPS_Timestamping_root.crt mozilla/QuoVadis_Root_CA.crt mozilla/RSA_Root_Certificate_1.crt mozilla/RSA_Security_1024_v3.crt mozilla/RSA_Security_2048_v3.crt mozilla/Security_Communication_Root_CA.crt mozilla/Sonera_Class_1_Root_CA.crt mozilla/Sonera_Class_2_Root_CA.crt mozilla/Staat_der_Nederlanden_Root_CA.crt mozilla/TC_TrustCenter__Germany__Class_2_CA.crt mozilla/TC_TrustCenter__Germany__Class_3_CA.crt mozilla/TDC_Internet_Root_CA.crt mozilla/TDC_OCES_Root_CA.crt mozilla/Thawte_Personal_Basic_CA.crt mozilla/Thawte_Personal_Freemail_CA.crt mozilla/Thawte_Personal_Premium_CA.crt mozilla/Thawte_Premium_Server_CA.crt mozilla/Thawte_Server_CA.crt mozilla/Thawte_Time_Stamping_CA.crt mozilla/UTN-USER_First-Network_Applications.crt mozilla/UTN_DATACorp_SGC_Root_CA.crt mozilla/UTN_USERFirst_Email_Root_CA.crt mozilla/UTN_USERFirst_Hardware_Root_CA.crt mozilla/UTN_USERFirst_Object_Root_CA.crt mozilla/ValiCert_Class_1_VA.crt mozilla/ValiCert_Class_2_VA.crt mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt !mozilla/Verisign_Class_1_Public_Primary_OCSP_Responder.crt mozilla/Verisign_Class_2_Public_Primary_Certification_Authority.crt mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt !mozilla/Verisign_Class_2_Public_Primary_OCSP_Responder.crt mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt !mozilla/Verisign_Class_3_Public_Primary_OCSP_Responder.crt mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt mozilla/Verisign_RSA_Secure_Server_CA.crt !mozilla/Verisign_Secure_Server_OCSP_Responder.crt mozilla/Verisign_Time_Stamping_Authority_CA.crt mozilla/Visa_International_Global_Root_2.crt mozilla/Visa_eCommerce_Root.crt mozilla/beTRUSTed_Root_CA-Baltimore_Implementation.crt mozilla/beTRUSTed_Root_CA.crt mozilla/beTRUSTed_Root_CA_-_Entrust_Implementation.crt mozilla/beTRUSTed_Root_CA_-_RSA_Implementation.crt quovadis.bm/QuoVadis_Root_Certification_Authority.crt signet.pl/signet_ca1_pem.crt signet.pl/signet_ca2_pem.crt signet.pl/signet_ca3_pem.crt signet.pl/signet_ocspklasa2_pem.crt signet.pl/signet_ocspklasa3_pem.crt signet.pl/signet_pca2_pem.crt signet.pl/signet_pca3_pem.crt signet.pl/signet_rootca_pem.crt signet.pl/signet_tsa1_pem.crt !spi-inc.org/spi-ca.crt !spi-inc.org/SPI_CA_2006-cacert.crt cacert.org/class3.crt cacert.org/root.crt debconf.org/ca.crt gouv.fr/cert_igca_dsa.crt gouv.fr/cert_igca_rsa.crt mozilla/COMODO_Certification_Authority.crt mozilla/Camerfirma_Chambers_of_Commerce_Root.crt mozilla/Camerfirma_Global_Chambersign_Root.crt mozilla/Certplus_Class_2_Primary_CA.crt mozilla/DST_ACES_CA_X6.crt mozilla/DST_Root_CA_X3.crt mozilla/DigiCert_Assured_ID_Root_CA.crt mozilla/DigiCert_Global_Root_CA.crt mozilla/DigiCert_High_Assurance_EV_Root_CA.crt mozilla/Entrust_Root_Certification_Authority.crt mozilla/Firmaprofesional_Root_CA.crt mozilla/GeoTrust_Global_CA_2.crt mozilla/GeoTrust_Primary_Certification_Authority.crt mozilla/GeoTrust_Universal_CA.crt mozilla/GeoTrust_Universal_CA_2.crt mozilla/GlobalSign_Root_CA_-_R2.crt mozilla/Go_Daddy_Class_2_CA.crt mozilla/NetLock_Business_=Class_B=_Root.crt mozilla/NetLock_Express_=Class_C=_Root.crt mozilla/NetLock_Notary_=Class_A=_Root.crt mozilla/NetLock_Qualified_=Class_QA=_Root.crt mozilla/QuoVadis_Root_CA_2.crt mozilla/QuoVadis_Root_CA_3.crt mozilla/SecureTrust_CA.crt mozilla/Secure_Global_CA.crt mozilla/Starfield_Class_2_CA.crt mozilla/StartCom_Certification_Authority.crt mozilla/StartCom_Ltd..crt mozilla/SwissSign_Gold_CA_-_G2.crt mozilla/SwissSign_Platinum_CA_-_G2.crt mozilla/SwissSign_Silver_CA_-_G2.crt mozilla/Swisscom_Root_CA_1.crt mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt mozilla/Taiwan_GRCA.crt mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt mozilla/Wells_Fargo_Root_CA.crt mozilla/XRamp_Global_CA_Root.crt mozilla/thawte_Primary_Root_CA.crt spi-inc.org/spi-ca-2003.crt spi-inc.org/spi-cacert-2008.crt telesec.de/deutsche-telekom-root-ca-2.crtWhat do I need to do to get the warning and question back, or, better yet, automatically accept the certificate (instead of automatically denying it)?
Marc