I'm using SuSE9.3 with firefox 1.5 Last week I connected to a citrix session at the office. this week when I try to open an application from there I get : I get a "you have not chosen to trust "Verisign Class 3 Secure Server CA", the issues of the server's security certificate. - I get the same error from seamonkey and Konqueror redirects the asp to firefox Today when I try and get to any secure site I get a "Error establishing an encrypted connection to *****.com Error Code -8075." Any suggestions, google has been fun I can't get the any https site with solutions -- Collector of vintage computers http://www.ncf.ca/~ba600 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Edit>Preferences>Advanced>Encryption (assuming same
Great, Root Certificates, my speciality. I am going to need a few bit of information from you before we can fix this. 1. Firstly could you open firefox 1.5 menu location as FF) Under Protocols both SSL3.0 and Use TLS 1.0 should be ON 2. Open Revocation Lists > this should be empty 3. Under the certificates heading "When a web site requires a certificates "select one automatically" 4. Verification select "Do not use OCSP for certificate validation" 5. "View Certificates>Authorities - There will be a large alphabetical list of root certificate authorities present but by far the most important ones are all the Verisign. Select 'View" on all the Verisign certificates and note the expiry date, the end year should by 2028. If any of the certificates have expired let me know 6.Do you have any special access rights under the 'Web Sites" TAB - DO NOT TELL ME THEIR NAMES 7. Under the 'Your Certificates' tab do you have any special certificates and is so have they expired Let me know how you go. P.S If you have any Disa certificates you need to talk to them NOW! ( Ignore this bit if it makes no sense.) Good luck with FireFox Scott Mike wrote:
I'm using SuSE9.3 with firefox 1.5
Last week I connected to a citrix session at the office. this week when I try to open an application from there I get :
I get a "you have not chosen to trust "Verisign Class 3 Secure Server CA", the issues of the server's security certificate.
- I get the same error from seamonkey and Konqueror redirects the asp to firefox
Today when I try and get to any secure site I get a "Error establishing an encrypted connection to *****.com Error Code -8075."
Any suggestions, google has been fun I can't get the any https site with solutions
On August 6, 2007 8:18 pm, Registration Account wrote:
Great, Root Certificates, my speciality. I am going to need a few bit of information from you before we can fix this.
1. Firstly could you open firefox 1.5
Edit>Preferences>Advanced>Encryption (assuming same
menu location as FF)
I have a security tab
Under Protocols both SSL3.0 and Use TLS 1.0 should be ON
SSL2.0, 3.0 and TLS 1.0 are all checked
2. Open Revocation Lists > this should be empty
There was a Thwate which I deleted
3. Under the certificates heading "When a web site requires a certificates "select one automatically"
4. Verification select "Do not use OCSP for certificate validation"
5. "View Certificates>Authorities - There will be a large alphabetical list of root certificate authorities present but by far the most important ones are all the Verisign. Select 'View" on all the Verisign certificates and note the expiry date, the end year should by 2028. If any of the certificates have expired let me know
I found another reference statigng that this was the cause of the -8075 error the 3 OCSP responders have expired (2004)
6.Do you have any special access rights under the 'Web Sites" TAB - DO NOT TELL ME THEIR NAMES
Just client,server for the 2 listed
7. Under the 'Your Certificates' tab do you have any special certificates and is so have they expired
None I also tried on another user account and get the same error the -8075 error has been resolved, but after connecting to the citrix server I cannot launch any of the applications there .
Mike wrote:
I'm using SuSE9.3 with firefox 1.5
Last week I connected to a citrix session at the office. this week when I try to open an application from there I get :
I get a "you have not chosen to trust "Verisign Class 3 Secure Server CA", the issues of the server's security certificate.
- I get the same error from seamonkey and Konqueror redirects the asp to firefox
Today when I try and get to any secure site I get a "Error establishing an encrypted connection to *****.com Error Code -8075."
Any suggestions, google has been fun I can't get the any https site with solutions
-- Collector of vintage computers http://www.ncf.ca/~ba600 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Mike, Bingo The 3 certificates that have an expired date is the issue confronting you now. If we were dealing with MS we could inset the CD do an update and there is a option their to re-validate all root certificates - but this is Linux - don't know why I told you that. At this state I would be tempted to ask you to uninstall FF and then re-install it from your CD's, however before we do that can you tell me how many years ago was the installation performed - that will give me a clue if the installation date === issue date on the expired certificates then an uninstall and reinstall will give you back the same certificates but with a new validity period. Before you do this you will have to backup your Web Sites certificates as they will be deleted and depending on their authority asking asking for replacement authority certificates may/may not be an issue here. I know all hell would break loose if I had to re-apply for some of mine! I can help you back them up and re-install them if the above is correct. Perhaps it is time to consider a total software version upgrade - if so and you need you special certificates they will need to be backed up. Let me know how you go Scott
5. "View Certificates>Authorities - There will be a large alphabetical list of root certificate authorities present but by far the most important ones are all the Verisign. Select 'View" on all the Verisign certificates and note the expiry date, the end year should by 2028. If any of the certificates have expired let me know the 3 OCSP responders have expired (2004)
6.Do you have any special access rights under the 'Web Sites" TAB - DO NOT TELL ME THEIR NAMES
Just client,server for the 2 listed
7. Under the 'Your Certificates' tab do you have any special certificates and is so have they expired
None
I also tried on another user account and get the same error the -8075 error has been resolved, but after connecting to the citrix server I cannot launch any of the applications there .
Mike wrote:
I'm using SuSE9.3 with firefox 1.5
Last week I connected to a citrix session at the office. this week when I try to open an application from there I get :
I get a "you have not chosen to trust "Verisign Class 3 Secure Server CA", the issues of the server's security certificate.
- I get the same error from seamonkey and Konqueror redirects the asp to firefox
Today when I try and get to any secure site I get a "Error establishing an encrypted connection to *****.com Error Code -8075."
Any suggestions, google has been fun I can't get the any https site with solutions
At this state I would be tempted to ask you to uninstall FF and then re-install it from your CD's,
I'm curious... how would this help correct this problem? Are the certificates stored with the program binaries? or in /home/$USER? I've always gone by the rule (with Linux) that if a program has been working fine (and you haven't updated the binaries), and something goes wrong, reinstalling the application itself will not help because the bit that has "gone wrong" is tied to the files in the user's /home. C. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On August 7, 2007 3:06 am, Registration Account wrote:
Mike, Bingo
The 3 certificates that have an expired date is the issue confronting you now. If we were dealing with MS we could inset the CD do an update and there is a option their to re-validate all root certificates - but this is Linux - don't know why I told you that.
At this state I would be tempted to ask you to uninstall FF and then re-install it from your CD's, however before we do that can you tell me how many years ago was the installation performed - that will give me a clue if the installation date === issue date on the expired certificates then an uninstall and reinstall will give you back the same certificates but with a new validity period.
I ran apt- install --reinstall mozilla the other day
I can help you back them up and re-install them if the above is correct.
Perhaps it is time to consider a total software version upgrade - if so and you need you special certificates they will need to be backed up.
I have a new machine sitting beside me now. I was debating moving the existing drive over, or just trying to copy /home
Let me know how you go
-- Collector of vintage computers http://www.ncf.ca/~ba600 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Mike you will have to backup "your Certificates" using the backup button. When you back them up jut make sure that you recall the password you will be asked for up to 3 times. You can use the same password to help not getting lost. The backup file will be created and you can copy that file to a new installation and then use the import button and supply the passwords to restore the. Scott Mike wrote:
On August 7, 2007 3:06 am, Registration Account wrote:
Mike, Bingo
The 3 certificates that have an expired date is the issue confronting you now. If we were dealing with MS we could inset the CD do an update and there is a option their to re-validate all root certificates - but this is Linux - don't know why I told you that.
At this state I would be tempted to ask you to uninstall FF and then re-install it from your CD's, however before we do that can you tell me how many years ago was the installation performed - that will give me a clue if the installation date === issue date on the expired certificates then an uninstall and reinstall will give you back the same certificates but with a new validity period.
I ran apt- install --reinstall mozilla the other day
I can help you back them up and re-install them if the above is correct.
Perhaps it is time to consider a total software version upgrade - if so and you need you special certificates they will need to be backed up.
I have a new machine sitting beside me now. I was debating moving the existing drive over, or just trying to copy /home
Let me know how you go
On August 8, 2007 1:57 am, Registration Account wrote:
Mike you will have to backup "your Certificates" using the backup button. When you back them up jut make sure that you recall the password you will be asked for up to 3 times. You can use the same password to help not getting lost. The backup file will be created and you can copy that file to a new installation and then use the import button and supply the passwords to restore the.
Well I couldn't see any backup button, but I did stumble upon another bunch of certificates. I renamed the vsign3.pem file I found here /etc/ssl/certs/expired/ And I was able to connect. -- Collector of vintage computers http://www.ncf.ca/~ba600 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Unreal Mike that you could locate the .pem file. I kick myself in not looking for the .pem file on my PC. Ok you have now valid root certificated that don't expire until the Linux Millenium Bug hit us and shuts down all Unix/Linux installations 2038. Just check again - the backup button only reveals itself when you hit "Your certificates", however I may be wrong as I cannot recall FF 1.5 Mike if you do not feel confident to write a bug wish-list let someone else do it. Scott It would be really nice if someone out there could raise a bug, wishlist, in system tools from boot from CD1 and option to update root certificated. MS and I really am sorry to compare them, had this option since Windows 3.1 yes 3.1 - 3.11 was essentially the same with the exception of the removal of the 286 code so Windows needed at least a 386 processor. Thee things are certain in life. 1. MS Windoze will NEVER BE FAST ENOUGH FOR A HIGH SPEED DATA PROCESSOR TO USE IT. 2. Suse Linux WILL never be able to load all its modules in a timely manner, even since the intro of the RAM disk for preload. 3. Suspend to RAM in Linux will take at least 10 years to be able to suspend or resume a session with 2.8 seconds (MS Windoze can and has done so for years) Mike wrote:
On August 8, 2007 1:57 am, Registration Account wrote:
Mike you will have to backup "your Certificates" using the backup button. When you back them up jut make sure that you recall the password you will be asked for up to 3 times. You can use the same password to help not getting lost. The backup file will be created and you can copy that file to a new installation and then use the import button and supply the passwords to restore the.
Well I couldn't see any backup button, but I did stumble upon another bunch of certificates.
I renamed the vsign3.pem file I found here /etc/ssl/certs/expired/ And I was able to connect.
On August 11, 2007 10:05 pm, Registration Account wrote:
Unreal Mike that you could locate the .pem file. I kick myself in not looking for the .pem file on my PC. Ok you have now valid root certificated that don't expire until the Linux Millenium Bug hit us and shuts down all Unix/Linux installations 2038. Just check again - the backup button only reveals itself when you hit "Your certificates", however I may be wrong as I cannot recall FF 1.5
Ok they are grayed out since there are no certificates displayed Well apt-get got me again It said I needed to run fix-broken and it said one of the kde components depended on 3.5 and I only had 3.4 so it removed kde (ok i did say Yes, I figured that it would roll back to the previous version) But after than I'm with fvwm So I've pushed up the migration to the new machine.
Mike if you do not feel confident to write a bug wish-list let someone else do it.
Scott
It would be really nice if someone out there could raise a bug, wishlist, in system tools from boot from CD1 and option to update root certificated. MS and I really am sorry to compare them, had this option since Windows 3.1 yes 3.1 - 3.11 was essentially the same with the exception of the removal of the 286 code so Windows needed at least a 386 processor.
-- Collector of vintage computers http://www.ncf.ca/~ba600 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
Clayton -
Mike -
Registration Account