[okular] [Bug 436820] certificate not found
Gabriel Memmert
bugzilla_noreply at kde.org
Wed May 12 01:07:50 BST 2021
https://bugs.kde.org/show_bug.cgi?id=436820
--- Comment #8 from Gabriel Memmert <gabriel.memmert at web.de> ---
Oh, that's very true.
I didn't find good changes yet. Nevertheless two sugestions:
* Poppler will try to use the following -> Poppler will try to use one of the
following
* adding: You can check which cert store is used via the entry in the 'PDF
Backend Configuration' section of the 'Configure Backends...' dialog.
I would appreciate if there were instructions on how to properly (or easiest)
add a certificate. I am not sure whether this would be helpfull to many people.
What is the usual setup procedure to enable the signing documents? Is it
something that is always preconfigured in your organisation?
After reading on [ArchWiki -
nss](https://wiki.archlinux.org/index.php/Network_Security_Services) and [MDN
NSS](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Tools) I got
to these two instructions that worked for me (manjaro kde, firefox installed,
.p12 and .pfx certificates):
VERSION A:
1. Go to the 'PDF Backend Configuration' section of the 'Configure Backends...'
dialog. Find the certificate store that okular uses by default (right now one
can *not* mark or copy from this field!) and in the following commands
please substitute 'cert/store' with the found path. One example would be
`/home/myuser/.mozilla/firefox/abcdef12.default-release`
2. Add the certificate via `pk12util -d sql:cert/store -i
/path/to/cert/filename.p12`. You can see the certificate added in `certutil -d
sql:cert/store -L`. You can check the certificate for signing messages via
`certutil -d sql:cert/store -V -u S -n "certificate-name"` you need to look for
`certificate-name` in the output of the previous command. This output is
acceptable: `certutil: certificate is invalid: Peer's certificate issuer has
been marked as not trusted by the user.`
3. restart okular, now everything should be working. The certificate should be
listed in the 'PDF Backend Configuration' section.
VERSION B:
1. Add the certificate via `pk12util -d sql:$HOME/.pki/nssdb -i
/path/to/cert/filename.p12`. You can see the certificate added in `certutil -d
sql:$HOME/.pki/nssdb -L`. You can check the certificate for signing messages
via `certutil -d sql:$HOME/.pki/nssdb -V -u S -n "certificate-name"` you need
to look for `certificate-name` in the output of the previous command. This
output is acceptable: `certutil: certificate is invalid: Peer's certificate
issuer has been marked as not trusted by the user.`
2. Go to the 'PDF Backend Configuration' section of the 'Configure Backends...'
dialog. Set the certificate store to custom and set the path to
`$HOME/.pki/nssdb`
3. restart okular, now everything should be working. The certificate should be
listed in the 'PDF Backend Configuration' section.
Questions:
* Do I need `sql:` in the commands?
* Is the environment variable the same in okular and shell?
* Should one do something about this invalid certificate message?
* ...
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Okular-devel
mailing list