Installing client certificates
-
I thought this would be already in Vivaldi; but can we have the ability to import client certificates please? Only reason why I've had to re-install Opera 12.
-
Linux - am I right to infer that this already works in other operating systems? I'm using version 1.0.291.18 (Developer Build) dev (64-bit)
-
Just to report that I still cannot install my certificate with snapshot 1.0.303.22. Is it a command-line switch?
-
Meanwhile solved this topic?
I downloaded the boxcert.cer file from the FritzBox. Then I open the settings in the locker icon before the address line and select HTTPS/SSL certificate management. Select first tab - your certifcats - click install - select the boxcert.cer from FritzBox - OK
=> certifcat installation error
"Der private Schlüssel für dieses Clientzertifikat fehlt oder ist ungültig."
(free translated : the private key for this client certificate is missing or invalid)cat boxcert.cer
-----BEGIN CERTIFICATE-----
... the key ...
-----END CERTIFICATE-----???
-
@UbIx you need to use a file that has both private and public certificates - I don't know what FritzBox is though, sorry.
-
@coreymwamba Fritzbox is a router.
-
@coreymwamba said in Installing client certificates:
@UbIx you need to use a file that has both private and public certificates -
This can't be the case - in this case you have big security hole! The private key - shouldn't be stored on an insecure place like a lokal PC!!! Normally the public key and the fingerprint are able to verify if the correct server was connected!!! See Wikipedia description (there are better descriptions available - but I've only the German version stored - so this is the only one which I can find fast).
I don't know what FritzBox is though, sorry.
About FritzBox - this is the most popular router in Germany.
-
@Gwen-Dragon said in Installing client certificates:
@UbIx You are talking about the SSL server certificate (=to secure SSL) or a single client (=user authentication) certificate?
As is know for client cert the client key and cert have to be packed into a pkcs12 file on the local PC.
I don't know. If I look in the Help (chapter certificate) that's for me not clear.
-
@Gwen-Dragon said in Installing client certificates:
@UbIx A client certificate is a special certificate to authenticate a user, not a server.
Sorry for you, but your answers are wrong under these circumstances and that issue with Fritzbox does not belong to the thread here!???
Thread titel "Installing client certificates" looks for me correct.
-
@Gwen-Dragon said in Installing client certificates:
@UbIx Your OS is right, a client certificate for user authentication needs the private key and cert key.
Now I'm totally confused. I don't know if my English is not good enough to understand it or if I'm to stupid
Back to start:
- I've the FritzBox router which use self signed keys - like many private network devices and servers to.
- If I open the login page "https://myrouter" with Firefox:
2.1 The opened window shows a cert error and it is possible to open an additional dialog
2.2 This dialog allows me to download the key and verify it (in this case with an sha1 finger print)
2.3 After this, in the future the locker isn't red and open anymore - it is yellow and the locker sign is closed - If I open the login page "https://myrouter" with Vivaldi:
3.1 The opened window shows a similar cert error but in the extended settings - it is only possible to accept the certificate (without fingerprint check) one time or allways
3.2 After acceptance => the looker symbol is still read and open - no deviation to an insecure page
If I open the HTTPS/SSL certificate management - the error in the first posting was shown.
My OS is openSUSE Tumbleweed Kernel: 4.10.13-1-default Linux
So my question are:
- Is this the correct thread?
- What is the right way - to install an user public key certificate?
-
@Gwen-Dragon yes, this is no longer a problem for me, and on my newer laptop I think I used Vivaldi's UI to do this.
-
@Gwen-Dragon
OK, many thanks for your time.
I will check the shared links from you.
Nice weekend - Ulf
-
@Gwen-Dragon
I installed like described the nss-tools from openSUSE tumbleweed repository via:
sudo zypper in mozilla-nss-tools
Afterwords I installed the certificate, downloaded from FritzBox router:
certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n fritz.box -i ~/Downloads/boxcert.crt
And the verification shows me, that it was well installed:
certutil -d sql:$HOME/.pki/nssdb -L
I think now someone else can do it easier
Update - after an restart, vivaldi shows a green locker symbol.