System cannot verify certificates from any HTTPS connections
Linux From ScratchThis Forum is for the discussion of LFS.
LFS is a project that provides you with the steps necessary to build your own custom Linux system.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
System cannot verify certificates from any HTTPS connections
As the title says, my system fails to verify security certificates for secured connections. This can be worked around, using a configuration file (for cURL), and "--no-check-connection" (for wget), but I can't always work around this issue, and until I get this fixed, I cannot install a web browser, I cannot use chat programs, installers/packages fail if they need to connect to the Internet, and I am really frustrated.
I have recompiled and reinstalled GnuTLS, cURL, OpenSSL, NSS, make-ca, but it still won't work. I use the default directories, as per BLFS, but I can't seem to get my connection to work. Does anybody know how to fix this? This problem affects the console, as well as GUI applications.
Typically this means the root certificates from the sites you are trying to connect to, are not installed. Normally these are installed in modern distros but I know nothing about how this works in LFS.
Typically this means the root certificates from the sites you are trying to connect to, are not installed. Normally these are installed in modern distros but I know nothing about how this works in LFS.
Thank you for your reply. Would you happen to know of a place where I could download some kind of package, to install certificates?
Normally these are installed with the OS, but you built the OS, that being blfs so I am not sure in that case. Do the docs say anything about root certificates? It is essentially a package with dozens of root certificates from various vendors and countries.
Sorry I am not being any more helpful than that but I have not ever built an LFS system.
And, as is shown on that page: "make-ca -g" should do it. I manually download certdata.txt and run "make-ca" in the same directory - that also works.
Okay, I tried reinstalling those packages, and rerunning the commands. Every single certificate issues a "Could not open certificate"/"Unable to read certificate" message, and nothing is fixed. What am I doing incorrectly?
I just noticed that the output mentions an error in the script.
/usr/sbin/make-ca: line 650: 21776 Broken pipe printf $(awk '/^CKA_VALUE/{flag=1;next}/^END/{flag=0}flag{printf $0}' "${tempfile}")
21777 Segmentation fault | "${OPENSSL}" x509 -text -inform DER -fingerprint > tempfile.crt
Could not read certificate from tempfile.crt
Unable to load certificate
Could not read certificate from tempfile.crt
Unable to load certificate
Could not read certificate from tempfile.crt
Unable to load certificate
Could not read certificate from tempfile.crt
Unable to load certificate
Certificate: Trustis FPS Root CA
Keyhash:
Added to p11-kit anchor directory with trust 'C,C,'.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.