GNOME Bugzilla – Bug 712719
Importing new CA certificates is broken (and/or confusing/difficult)
Last modified: 2018-08-03 19:34:06 UTC
I'm using epiphany-3.10.1-1.fc20.x86_64 Fedora does not ship the cacert root certificate, so if you visit https://www.cacert.org the lock in the url box show an orange ! saying the it cannot verify the indentity of the site. Fine Go to https://www.cacert.org/index.php?id=3 where the cacert root certificate is available. Click in Root certificate (DER format). A new window pops up and there you can import the certificate. The same can be done with the PKI level 3 certificate. And then you can reload the cacert page, still the orange lock. Close epiphany and open it, go to cacert page, still orange lock. Reboot the machine, still orange lock. So, even if you can import the certificate, epiphany will ignore it.
I have found this page with instructions. https://wiki.gnome.org/GnomeKeyring/ApplicationSetup They are probably oputdated, But I've tried anyway as it mentions epiphany $ modutil -add gnome-keyring -libfile /usr/lib/gnome-keyring/gnome-keyring-pkcs11.so -mechanisms RSA:DSA -dbdir ~/.gnome2/epiphany/ modutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format. This doesn't work, what is not strange as /usr/lib/gnome-asdasd does not exist. I have tried this instead: $ modutil -add gnome-keyring -libfile /usr/lib64/pkcs11/gnome-keyring-pkcs11.so -mechanisms RSA:DSA -dbdir ~/.gnome2/epiphany modutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format. But the result is the same.
Well importing the cert works for me, but it's placed into "Gnome2 Key Storage," which seems to be unused? It's certainly not being checked.... You can browse this with Seahorse.
Yes, I knew that. But, as you say, epiphany ignores that storage.
Testing in a VM with Fedora Rawhide, This is epiphany-3.12.1-2.fc21.x86_64 If I repeat the steps in Description, I don't get the popup indow. Instead the certificate files are downloaded.
Testing epiphany-3.13.90-1.fc22.x86_64 and seahorse-3.12.2-6.fc22.x86_64, it still doesn't work. Epiphany no longer pops up a window to import the certificate. Anyway, if you doble click the file in nautilus, you get a window with a "Import" button. After you click "Import", you get a window to name the certificate in the database and after that the button turns grey, with the label "Imported" But the certificate does not appear in seahorse. In fact, if you close the window of the certificate and open it again, the button is again clickable, with label "Import" and not "Imported"
I am also experiencing trouble with this functionality. Was referred here from bug #739326.
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/seahorse/issues/96.