View Issue Details

IDProjectCategoryView StatusLast Update
0001469Main CAcert Websitemiscpublic2020-11-23 09:33
Reportermcgiwer Assigned ToTed  
PrioritynormalSeveritymajorReproducibilityalways
Status needs workResolutionopen 
PlatformMain CAcert WebsiteOSLinux (Debian based)OS Versionstable
Summary0001469: CACert.org certificate issues (with valid root certificates installed)
Description1. when I attempt to open cacert.org website pages, I recieve a following error every time:

> Secure Connection Failed
>
> An error occurred during a connection to cats.cacert.org. SSL peer was unable to negotiate an acceptable set of security parameters.
>
> Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT
>
> The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
> Please contact the website owners to inform them of this problem."

===========

2. when I'm attempting to issue a client certificate, I recieve a following error:

> I didn't receive a valid Certificate Request, please try a different browser.

Please repeair above error's ASAP. Thanks
Steps To ReproduceEnter the website
TagsNo tags attached.
Reviewed by
Test Instructionssee: Steps to reproduce

Activities

Ted

2019-10-14 08:09

administrator   ~0005851

Last edited: 2019-10-14 08:10

Usually this is caused by the fact that the CAcert root certificates are not installed in the browser, see http://wiki.cacert.org/FAQ/Mess

If you have CAcert root certificates installed (and trusted), there are still occasional problems that the old version of the root certificate is somewhere in traffic, which still used MD5 for self-signature, see http://wiki.cacert.org/HowTo/ReplaceCAcertRootCertificate

If both of these possible causes are eliminated we'd need to know which browser you are using.

mcgiwer

2019-10-14 09:03

reporter   ~0005852

I use Firefox. Maybe it would be a good idea to make the main site load without SSL as default. This would partially solve the problem.

On the main website should be a information about need of installing the Root certificates to enter the SSL or install a SSL certificate with donsn't require doing that

mcgiwer

2020-11-23 09:30

reporter   ~0005919

I have removed the old and installed new root certificates of CA cert and independant from it:

1. when I attempt to open cacert.org website pages, I recieve a following error every time:

> Secure Connection Failed
>
> An error occurred during a connection to cats.cacert.org. SSL peer was unable to negotiate an acceptable set of security parameters.
>
> Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT
>
> The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
> Please contact the website owners to inform them of this problem."

===========

2. when I'm attempting to issue a client certificate, I recieve a following error:

> I didn't receive a valid Certificate Request, please try a different browser.

Please repeair above error's ASAP. Thanks

Issue History

Date Modified Username Field Change
2019-10-11 10:38 mcgiwer New Issue
2019-10-14 08:09 Ted Assigned To => Ted
2019-10-14 08:09 Ted Status new => needs feedback
2019-10-14 08:09 Ted Note Added: 0005851
2019-10-14 08:10 Ted Priority immediate => normal
2019-10-14 08:10 Ted Note Edited: 0005851
2019-10-14 09:03 mcgiwer Note Added: 0005852
2019-10-14 09:03 mcgiwer Status needs feedback => needs work
2020-11-23 09:30 mcgiwer Note Added: 0005919
2020-11-23 09:33 mcgiwer OS N/A => Linux (Debian based)
2020-11-23 09:33 mcgiwer Summary Invalid SSL certificate => CACert.org certificate issues (with valid root certificates installed)
2020-11-23 09:33 mcgiwer Description Updated