Few days ago (2010-07-16), Arch Linux Forums started to redirect unencrypted connection to encrypted connection, in other words, it is now SSL connection only.
My current web browser is Chromium and it told me CAcert.org is not trusted, the certificate issuer that Arch Linux Forums uses. It only takes one click for a browsing session to get rid of that message. Before this, I sometimes stumbled upon Gentoo Bugs redirected via Gentoo Packages.
I am not actually a reader of Arch Linux Forums, but I read it regularly. So it’s time to get rid of it once for all.
It’s fairly simple. Firstly, you need certutil tool from NSS package, if you don’t have then add the following line to your /etc/portage/packages.use:
dev-libs/nss utils
Re-emerge NSS. Next step is to add the root certificate:
certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n cacert -i /etc/ssl/certs/cacert.org.pem
Then check if we add successfully with:
% certutil -d sql:$HOME/.pki/nssdb -L
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
cacert C,,
Restart browser and say hello to that little green lock.
The steps are actually from this Chromium wiki page
Note that the root certificate /etc/ssl/certs/cacert.org.pem is a symbolic link to /usr/share/ca-certificates/cacert.org/cacert.org.crt, which is a file part of ca-certificates package and your Gentoo system should already have it because OpenSSL depends on it and openssl is unlikely not installed.
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.