LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-10-2010, 09:13 AM   #1
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 18.04
Posts: 1,903

Rep: Reputation: 69
digital certificate


Girlfriend with a problem: she needs to sign up at the unemployment office in Spain. She is here in China. But for reasons unknown, she can't access the bit which she needs to. It says:'can't set the browser' Java is enabled and so on, we read the instructions. On her windoze computer, she has a digital certificate. I copied it onto my mem-stick. When I try to copy it from my mem-stick to my Linux machine, I can't. Not even as root! The folder is called 'certificado digital' and contains two folders:

Trash.(tilde)1 and VM_Ware_Workstation They both have some kind of encrypted stuff inside.

Can this certificate be installed on my machine?? Trash has 5 things, VM_Ware_Workstation has 3 things.

The guy who set this up for her told her she must use Mozilla. Is a certificate only valid with a particular browser?
 
Old 05-10-2010, 09:22 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 24,122

Rep: Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106
Quote:
Originally Posted by Pedroski View Post
Girlfriend with a problem: she needs to sign up at the unemployment office in Spain. She is here in China. But for reasons unknown, she can't access the bit which she needs to. It says:'can't set the browser' Java is enabled and so on, we read the instructions. On her windoze computer, she has a digital certificate. I copied it onto my mem-stick. When I try to copy it from my mem-stick to my Linux machine, I can't. Not even as root! The folder is called 'certificado digital' and contains two folders:

Trash.(tilde)1 and VM_Ware_Workstation They both have some kind of encrypted stuff inside.

Can this certificate be installed on my machine?? Trash has 5 things, VM_Ware_Workstation has 3 things.
Yes, but you can't just copy it over. Needs to be installed via the browser, through certificate importing
Quote:
The guy who set this up for her told her she must use Mozilla. Is a certificate only valid with a particular browser?
Nope, but the website itself might not support IE. You can set your browser ID to be Mozilla, but Firefox should work just fine. Also, this bit of info:
Code:
the unemployment office in Spain. She is here in China.
is telling. Can you hit the website on ANY computer where you are, and get in? I'd be surprised, since China has very restrictive Internet policies, and (obviously), Spain might not let someone from another country access a government-benefits website.
 
Old 05-10-2010, 09:46 AM   #3
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 18.04
Posts: 1,903

Original Poster
Rep: Reputation: 69
Oh yeah, we can enter the site ok.

But when we get to the bit where she needs to enter a particular number she has, to sign up for the next three months, the web site returns 'can't set your browser'
We read the instructions on setting cookies, enabling java and so on. But no joy. So I, simpleton, thought, put the certificate on my laptop, maybe under Linux it would work.

So how do I get her cert on my machine??
 
Old 05-10-2010, 09:50 AM   #4
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 18.04
Posts: 1,903

Original Poster
Rep: Reputation: 69
The cert is issued by Fbrica Nacional de Moneda y Timbre
 
Old 05-10-2010, 09:52 AM   #5
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 18.04
Posts: 1,903

Original Poster
Rep: Reputation: 69
If I enter the site using her user and password, I run into: can't confirm certificate, and am paddleless up a creek!
 
Old 05-10-2010, 10:14 AM   #6
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 24,122

Rep: Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106
Quote:
Originally Posted by Pedroski View Post
If I enter the site using her user and password, I run into: can't confirm certificate, and am paddleless up a creek!
Right...so, back to my first post:
Quote:
Can you hit the website on ANY computer where you are, and get in? I'd be surprised, since China has very restrictive Internet policies, and (obviously), Spain might not let someone from another country access a government-benefits website.
So you CAN'T get in from any computer from where you are. The public part of the website is far different from the 'secured' part. This is an Internet security issue, Linux/Windows/Mac isn't going to matter. You're in China, trying to access a Spanish government benefits site. Basic geographic location via web/IP is trivial, and one of the first things they probably check.
 
Old 05-10-2010, 10:59 AM   #7
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 18.04
Posts: 1,903

Original Poster
Rep: Reputation: 69
On her machine, we can enter. Her certificate is recognized. It was the first time, so she had to give herself a user name and password. But the certificate already told them who she is, that was in the form. But when we want to go to the 'sign up again bit' there is a problem, with the browser it says.

How can I get the cert onto this machine?
 
Old 05-10-2010, 11:08 AM   #8
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 18.04
Posts: 1,903

Original Poster
Rep: Reputation: 69
That is to say, we can enter from here, there is just a prob with the browser. I can't try from my comp, because I don't have the cert.
 
Old 05-10-2010, 11:30 AM   #9
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 24,122

Rep: Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106
Quote:
Originally Posted by Pedroski View Post
That is to say, we can enter from here, there is just a prob with the browser. I can't try from my comp, because I don't have the cert.
No, there's no problem with the browser. First, where did she INITIALLY sign up from? What country/location?

Second, you can't "sign up again", since (as you say), you've ALREADY signed up. The certificate/cookies/etc., have already been generated for that user ID. Remove the certificates, cookies, etc., for the site, then you should be able to sign up again. But again, see my first post..you are in CHINA, the benefits office is in SPAIN.
 
Old 05-10-2010, 11:48 AM   #10
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 18.04
Posts: 1,903

Original Poster
Rep: Reputation: 69
Ah well, getting the cert was something she, or rather, someone in Spain did for her. I tried to import her cert from my mem stick to my Mozilla. But it sees nothing. Why? Why can't I copy it to my Desktop? Why can't I copy anything I want from my mem stick to my machine? The permissions are not blocking it. Even root can't do it!

Even if you are Spanish, you do not necessarily have to be in Spain to use an internet service. It is not as if she wants money transferred to China!

With all due respect, I think the problem is with the browser, because the site says 'no podemos adecuar su programa de internet' Once we enter into the web page, using her cert and user name and password, we are in the secure part of the web site.

I'd like to try to get her cert on this machine. Can that be done??

Last edited by Pedroski; 05-10-2010 at 11:55 AM.
 
Old 05-10-2010, 12:09 PM   #11
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 24,122

Rep: Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106Reputation: 7106
Quote:
Originally Posted by Pedroski View Post
Ah well, getting the cert was something she, or rather, someone in Spain did for her.
Useful bit of information. WHO did this, and HOW?
Quote:
I tried to import her cert from my mem stick to my Mozilla. But it sees nothing. Why? Why can't I copy it to my Desktop? Why can't I copy anything I want from my mem stick to my machine? The permissions are not blocking it. Even root can't do it!
Do an "ls -alR" on that directory. Chances are it has to do with SUID info/permissions.
Quote:
Even if you are Spanish, you do not necessarily have to be in Spain to use an internet service. It is not as if she wants money transferred to China!
Doesn't matter, if you think about it. Do alot of hackers operate out of China and Russia? Yes. Why? Hard/almost-impossible to prosecute. So while SHE may be a valid user, the site in Spain probably won't trust a connection from that geographic range. The account is meaningless...you can have a bank account set up anywhere.
Quote:
With all due respect, I think the problem is with the browser, because the site says 'no podemos adecuar su programa de internet' Once we enter into the web page, using her cert and user name and password, we are in the secure part of the web site.
Then try another browser if you don't believe me. Under Linux, you have Konqueror, Opera, Firefox, Chrome, Arora, and Epiphany to choose from, and those are just the ones I can think of off the top of my head. Pick any of them...they can't ALL be broken. And again, to clarify....from where you are NOW, in China, can you access the secure portion of the site from ANY machine????
Quote:
I'd like to try to get her cert on this machine. Can that be done??
In Firefox, go to Preferences->Advanced->View Certificates->Your Certificates, then click "Import". That's pretty much it.
 
Old 05-10-2010, 05:52 PM   #12
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 18.04
Posts: 1,903

Original Poster
Rep: Reputation: 69
We have been told we must use Firefox. And we must use her machine, because that contains the cert. Other browsers don't have the cert. We can enter the secure part. We could, for example, change her password.
ls -alR
drwx------. 8 peter Pedro 4096 2010-05-10 14:46 certificado digital (I thought rwx meant also that I could copy!)

also get:

ls: cannot access ./certificado digital/TRASH-~1/≈▒ec⌐.╥*U: Input/output error
ls: cannot access ./certificado digital/TRASH-~1/╧j*╤∩.ε: Input/output error
ls: cannot access ./certificado digital/TRASH-~1/}:┐σ.g: Input/output error
ls: cannot access ./certificado digital/TRASH-~1/√g░ hΘεv.╨: Input/output error
ls: cannot access ./certificado digital/TRASH-~1/&qτ█e:.;┌▄: Input/output error
ls: cannot access ./certificado digital/TRASH-~1/*0┤▓Y.S┐o: Input/output error

How can I have something on my stick that I can't copy? That root can't copy to my hard drive? How come I have a VM Ware Machine on there?
 
Old 05-10-2010, 06:02 PM   #13
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 18.04
Posts: 1,903

Original Poster
Rep: Reputation: 69
Oh, the cert is issued by Entrusted, Inc.

A friend of hers in Sevilla put it on the laptop. Don't know how. But why can't I copy it? Is it intelligent, and knows when it is being copied?

Last edited by Pedroski; 05-10-2010 at 08:53 PM.
 
Old 05-11-2010, 12:08 AM   #14
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 18.04
Posts: 1,903

Original Poster
Rep: Reputation: 69
progress

I tried another mem stick, and now have the certificate on my Linux machine. But I can't import it. Mozilla asks for a password which was used to encrypt this back up copy.

So I have a dodgy mem stick! But some progress!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] help with setting up a digital certificate in Mutt bret381 Linux - Software 2 04-03-2010 10:21 PM
Building a certificate chain from the certificate using openSSL aravinda78 Linux - Security 1 11-10-2008 01:51 AM
Digital certificate in Red Hat Enterprise 4 eichmen Linux - Security 3 04-17-2008 01:54 AM
Can I retrieve certificate expiry date from an openssl certificate (command line) davee Linux - Security 1 07-21-2006 10:28 AM
Creating a personal digital certificate seven212 General 1 09-14-2003 04:13 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:50 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration