@cjrking53 Currently without SSL or with StartTLS not supported. Thank you for reaching out and sorry for the trouble. May be this issue is a bug. Please read Help us reproduce your issue How to report a bug for Vivaldi carefully and report the bug to Vivaldi bugtracker. Again thank you for using Vivaldi.

@jumpsq Thanks for your sent report/request. I voted internally in tracker for such feature.

@mows said in SSL Handshake Error (CERT_PKIXVerifyCert Bug 2013): ich habe mir das Cert noch mal vorgenommen und exakt so gechained - es hat funktioniert, und die Fehlermeldung ist ebenfalls verschwunden! Ja. Gut so! Wird es aber, wenn ihre Produkte das Zertifikat anerkennen? Oder ist Google/Chromium da einfach laxer im Umgang mit den Checks? Ich weiß ja nicht was das los ist, inwieweit Chrome was anders machen könnte. Vielen Dank für die Hilfe und die unglaublich schnelle Aufklärung Aber sicher doch, gern geschehen.

Despite of several Loud Throats here I completely agree with the subj and with thouse who named present state as "security theater", as with who pointed that Google isn't Idol in the UI. If the fact of this EV presence is such important just move detailed info into tooltip or "Site info" popup and use a different padlock icon with a big fat checkmark over it.

@awasen What is the difference between the two old and the two new client certs? Please list the PSE000094 personal cert: Open cmd.exe Type certutil -store -user MY "PSE000094" Hit Enter

@FBorrmann Thanks for your feedback. Now you can use Vivaldi as your favorite browser tool.

@Desiree said in How to turn off dangerous ssl/tls settings?: that Vivaldi allows ssl 2 and 3 Really? No. Test it without the switches at https://www.ssllabs.com/ssltest/viewMyClient.html

@hstoellinger a further requirement is not met when called via (that) command line: Certificates must have correct SubjectAltName fields, using CN (CommonName) for host matching was disabled more than a year ago. Suggestion: Use an openssl config file to consistently create (renewable) certificates. It comes in handy the 3rd time you will have to fiddle with options until you get them right.

@gwen-dragon It is already possible (in the Linux version) to import server certs (not tested for CAs) via the basic UI chrome://settings/certificates on the Server section. After import the trust flags are wrong (,, instead of P,,) so the cert is shown in Others instead of Server section and without posibility to change trust flags. I'm not shure if this is a Chromium bug or intentional design choice. In bug case: Might be a good idea to dispatch this to Vivaldi or upstream devs. In design choice case: A better integrated and more comlete cert managment interface for Vivaldi with Better overview of cert trust states (no modal window for show/edit) Option to restore default settings for builtin certs might be the more useful in general. The regular Windows import (in CA section, no separation for server certs) on the other hand adds a number of unnecessary permissions. It might be possible to wrap this operation for easier access and a more limited cert feature set.

I retested my client certificates and all is fine on Debian 9 with Vivaldi 2.6.1566.49 and 2.7.1609.4 All PKCS12 client certificates show up in a popup for a SSL cert protected URL.

@Gwen-Dragon I installed like described the nss-tools from openSUSE tumbleweed repository via: sudo zypper in mozilla-nss-tools Afterwords I installed the certificate, downloaded from FritzBox router: certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n fritz.box -i ~/Downloads/boxcert.crt And the verification shows me, that it was well installed: certutil -d sql:$HOME/.pki/nssdb -L I think now someone else can do it easier Update - after an restart, vivaldi shows a green locker symbol.

Thanks! You probably already know about these chromium command line switches (many/most of which may work with Vivaldi), but I thought I'd just mention them in case other readers don't.