kssl: certificate weirdness
Thorsten Becker
becker at rz.uni-wuerzburg.de
Sat Apr 3 10:24:02 BST 2004
Hello list,
I have encountered a problem with web server certificates and konqueror in kde
3.2.1 and 3.1.5:
Konqueror doesn't complain when I open certain https-websites, but when I look
into the security properties, it says there is a problem with an intermediate
certificate.
Steps to reproduce:
Import the DFN-root-certificate from http://www.dfn-pca.de/
(http://www.dfn-pca.de/certification/x509/g1/data/html/cacert/root-ca-cert.der)
In Konqueror, open:
https://www.uni-konstanz.de/
It should open without any problem since it was signed by a CA which was
signed by the DFN Root CA
look at the KDE SSL Information (View -> Security).
In the chain, select "2 - RZ CA"
The certificate state is shown as "Rejected, possibly due to an invalid
purpose"
Another example:
https://www.tu-chemnitz.de/
is signed by a CA signed by the DFN root-CA, it opens without an eroror or
warning message,
but in the certificate chain the certificate
2 - TU Chemnitz Certificate Authority, 2001 - 2005
has
"Certificate state: Certificate is self signed and thus may not be
trustworthy"
In both cases I couldn't find anything wrong with the certificates, so
konqueror shouldn't show the intermediate certificates as invalid.
Has anyone a clue why that strange behaviour occurs?
Thorsten
More information about the kfm-devel
mailing list