lynx-dev

Re: lynx-dev SSL error:Unable to get local issuer certificate-Continue?


From: Doug Kaufman
Subject: Re: lynx-dev SSL error:Unable to get local issuer certificate-Continue?
Date: Mon, 2 Dec 2002 20:09:51 -0800 (PST)

On Mon, 2 Dec 2002, Leslie Fairall wrote:

> was not addressed in the last release. My understanding was that there
> would be an option somewhere in lynx to suppress this message. It seems
> ...
> that I now consider these messages to be a major annoyance. The sysadmin
> for my ISP recommended that we should use lynx2.8.5dev8 because there was
> a "bug" in the latest version. I didn't do this, but do not blame him at
> all for alerting others to this annoyance.

If your ISP has lynx installed, and the systemwide version is giving
the error message, that means that the system administrator who
installed lynx didn't put in the file of trusted certificates. If they
just want to accept Microsoft's idea of who is to be trusted, they can
take the certificates from a recent copy of Internet Explorer. You
have the option of updating the root certificates first with the patch
issued about 2 weeks ago.

To make your own file of certificates, go to the
"Tools/Internet Options/Content/Certificates/Trusted Root Certificates"
section of IE. Select all the certificates, then "export" to a file.
It will be saved as a PKCS#7 file, with suffix ".p7b". You can call
it "ca_bundle.p7b". Then use openssl to convert it with the command:
"openssl pkcs7 -inform DER -in ca_bundle.p7b -print_certs -text -out cert.pem".
Ask your system administrator to put the file "cert.pem" in the openssl
directory. Then lynx can check the certificates against the set of
certificates that you (or Microsoft) trusts, and you won't get the
message any more.

I have done this with my DJGPP version of lynx, but haven't done this
yet on a multiuser system. I think that the above should work. If
there is any question as to where to put the "cert.pem" file, just do
"strings lynx" on the lynx binary and search for "cert.pem".

I think you should also be able to put the file in a different
directory by setting "SSL_CERT_FILE" and "SSL_CERT_DIR" in the
environment, but I haven't been able to get this to work yet.
                           Doug
__
Doug Kaufman
Internet: address@hidden
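
The procedure described in the message above, as an added example that is not part of the original post: it builds a throwaway CA and server certificate (constructed test data standing in for the IE export), runs the post's conversion command, and checks that the server certificate verifies only once the converted cert.pem is supplied. The function names and the example.test subject are assumptions of the example.

```shell
#!/bin/sh
# Added example. The CA and server certificate are constructed test data.
set -eu

# Throwaway root CA plus a server certificate it signs; the root is packed
# into a DER PKCS#7 file standing in for the browser export (constructed).
make_sample_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test Root" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/srv.pem" 2>/dev/null
    openssl crl2pkcs7 -nocrl -certfile "$1/ca.pem" -outform DER -out "$1/ca_bundle.p7b"
}

# The conversion command from the post: DER PKCS#7 in, PEM bundle out.
convert_bundle() {
    openssl pkcs7 -inform DER -in "$1" -print_certs -text -out "$2"
}

# Number of certificates that ended up in the PEM bundle.
count_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# Succeeds only if $2 chains to a root in bundle $1 (empty $1 = no roots).
# -no-CAfile/-no-CApath (OpenSSL 1.1.0+) keep the system store out of it.
chain_ok() {
    if [ -n "$1" ]; then
        openssl verify -no-CAfile -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
    else
        openssl verify -no-CAfile -no-CApath "$2" >/dev/null 2>&1
    fi
}

# Directory where this OpenSSL build looks for cert.pem by default.
openssl_dir() {
    openssl version -d | sed 's/^OPENSSLDIR: "\(.*\)"$/\1/'
}

work=$(mktemp -d)
make_sample_pki "$work"
convert_bundle "$work/ca_bundle.p7b" "$work/cert.pem"
echo "certificates in bundle: $(count_certs "$work/cert.pem")"
if chain_ok "" "$work/srv.pem"; then echo "no roots: verifies"; else echo "no roots: does not verify"; fi
if chain_ok "$work/cert.pem" "$work/srv.pem"; then echo "with cert.pem: verifies"; fi
echo "default location: $(openssl_dir)/cert.pem"
```

Counting the certificates after conversion is a quick check that the export carried the roots you expected before the file is installed system-wide.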

