[3.7.0] Import certificates not working

Post bug reports related to either the kiosk ISO or the kiosk wizard here.
Post Reply
kaaremai
Ronin
Ronin
Posts: 3
Joined: 13 May 2016, 13:10
Distribution: 3.7.0
Location: Denmark

[3.7.0] Import certificates not working

Post#1 by kaaremai » 13 May 2016, 13:17

Hi,

I'm using Porteus Kiosk to display a website. This website uses our own certificate in our enterprise. I therefore need to use the "certificate import function" which is available in the wizard. However it doesn't work.

I have written both the url for the root ca and the enterprise ca. The Enterprise CA is the issuer of the used certificate. But after this, i still get a warning in firefox that the issuer is unknown and therefore the certificate is untrusted.

Is there a bug in 3.7.0 or am i missing something?

User avatar
fanthom
Site Admin
Site Admin
Posts: 4614
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland, currently - Cork, IE
Contact:

Re: [3.7.0] Import certificates not working

Post#2 by fanthom » 13 May 2016, 13:24

Hello kaaremai,

Import certificates function wont work for self signed certs. Custom build will be necessary so please contact me through builds@porteus-kiosk.org if you are interested:
http://porteus-kiosk.org/builds.html

Thank you.
Please add [Solved] to your thread title if the solution was found.

kaaremai
Ronin
Ronin
Posts: 3
Joined: 13 May 2016, 13:10
Distribution: 3.7.0
Location: Denmark

Re: [3.7.0] Import certificates not working

Post#3 by kaaremai » 13 May 2016, 13:30

fanthom wrote:Hello kaaremai,

Import certificates function wont work for self signed certs. Custom build will be necessary so please contact me through builds@porteus-kiosk.org if you are interested:
http://porteus-kiosk.org/builds.html

Thank you.
Hi,

thanks your your quick answer - but we're not using self signed certs. We're running a proper PKI infrastructure with a root CA and an Enterprise CA as the certificate issuer. The certificate used on the webserver is not self-signed but signed by the CA. This works perfectly fine on all our normal PC's both in firefox and google chrome where the CA cert is distributed through a GPO.

User avatar
fanthom
Site Admin
Site Admin
Posts: 4614
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland, currently - Cork, IE
Contact:

Re: [3.7.0] Import certificates not working

Post#4 by fanthom » 13 May 2016, 13:38

Hmmm... Is the webpage which you are trying to reach from kiosk available publicly? I would like to check it myself.
Please post here your kiosk config (remove sensitive data) or send it to support@porteus-kiosk.org.

Thank you.
Please add [Solved] to your thread title if the solution was found.

kaaremai
Ronin
Ronin
Posts: 3
Joined: 13 May 2016, 13:10
Distribution: 3.7.0
Location: Denmark

Re: [3.7.0] Import certificates not working

Post#5 by kaaremai » 13 May 2016, 13:49

fanthom wrote:Hmmm... Is the webpage which you are trying to reach from kiosk available publicly? I would like to check it myself.
Please post here your kiosk config (remove sensitive data) or send it to support@porteus-kiosk.org.

Thank you.
Unfortunately it's not available publically.

I'm not sure how i get the config out of an already running kiosk? Is it possible to access some kind of console or menu?

User avatar
fanthom
Site Admin
Site Admin
Posts: 4614
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland, currently - Cork, IE
Contact:

Re: [3.7.0] Import certificates not working

Post#6 by fanthom » 13 May 2016, 15:06

Is the system time set correctly? Maybe browser "thinks" that certificate expired ... You may check it here:
http://www.uize.com/examples/digital-clock.html

"Unfortunately it's not available publically."
I must get direct access to the kiosk in order to debug this problem. I see 3 ways or doing it:
a) TeamViewer access to your PC and then i do ssh to kiosk
b) direct ssh/vnc access to kiosk
c) kiosk associated with my server:
http://porteus-kiosk.org/screens/news/151128/server.png

Please mind that support fees will apply:
http://porteus-kiosk.org/paid-support.html
Please add [Solved] to your thread title if the solution was found.

Post Reply