[3.7.0] Import certificates not working

Post bug reports related to either the kiosk ISO or the kiosk wizard here.
Forum rules
Porteus Kiosk section of the forum is unmaintained now. Its kept in a 'read only' mode for archival purposes.
Please use the kiosk contact page for directing your queries: https://porteus-kiosk.org/contact.html
kaaremai
White ninja
White ninja
Posts: 17
Joined: 13 May 2016, 13:10
Distribution: 5.4.0
Location: Denmark

[3.7.0] Import certificates not working

Post#1 by kaaremai » 13 May 2016, 13:17

Hi,

I'm using Porteus Kiosk to display a website. This website uses our own certificate in our enterprise. I therefore need to use the "certificate import function" which is available in the wizard. However it doesn't work.

I have written both the url for the root ca and the enterprise ca. The Enterprise CA is the issuer of the used certificate. But after this, i still get a warning in firefox that the issuer is unknown and therefore the certificate is untrusted.

Is there a bug in 3.7.0 or am i missing something?

User avatar
fanthom
Moderator Team
Moderator Team
Posts: 5666
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland
Contact:

Re: [3.7.0] Import certificates not working

Post#2 by fanthom » 13 May 2016, 13:24

Hello kaaremai,

Import certificates function wont work for self signed certs. Custom build will be necessary so please contact me through builds@porteus-kiosk.org if you are interested:
http://porteus-kiosk.org/builds.html

Thank you.
Please add [Solved] to your thread title if the solution was found.

kaaremai
White ninja
White ninja
Posts: 17
Joined: 13 May 2016, 13:10
Distribution: 5.4.0
Location: Denmark

Re: [3.7.0] Import certificates not working

Post#3 by kaaremai » 13 May 2016, 13:30

fanthom wrote:Hello kaaremai,

Import certificates function wont work for self signed certs. Custom build will be necessary so please contact me through builds@porteus-kiosk.org if you are interested:
http://porteus-kiosk.org/builds.html

Thank you.
Hi,

thanks your your quick answer - but we're not using self signed certs. We're running a proper PKI infrastructure with a root CA and an Enterprise CA as the certificate issuer. The certificate used on the webserver is not self-signed but signed by the CA. This works perfectly fine on all our normal PC's both in firefox and google chrome where the CA cert is distributed through a GPO.

User avatar
fanthom
Moderator Team
Moderator Team
Posts: 5666
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland
Contact:

Re: [3.7.0] Import certificates not working

Post#4 by fanthom » 13 May 2016, 13:38

Hmmm... Is the webpage which you are trying to reach from kiosk available publicly? I would like to check it myself.
Please post here your kiosk config (remove sensitive data) or send it to support@porteus-kiosk.org.

Thank you.
Please add [Solved] to your thread title if the solution was found.

kaaremai
White ninja
White ninja
Posts: 17
Joined: 13 May 2016, 13:10
Distribution: 5.4.0
Location: Denmark

Re: [3.7.0] Import certificates not working

Post#5 by kaaremai » 13 May 2016, 13:49

fanthom wrote:Hmmm... Is the webpage which you are trying to reach from kiosk available publicly? I would like to check it myself.
Please post here your kiosk config (remove sensitive data) or send it to support@porteus-kiosk.org.

Thank you.
Unfortunately it's not available publically.

I'm not sure how i get the config out of an already running kiosk? Is it possible to access some kind of console or menu?

User avatar
fanthom
Moderator Team
Moderator Team
Posts: 5666
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland
Contact:

Re: [3.7.0] Import certificates not working

Post#6 by fanthom » 13 May 2016, 15:06

Is the system time set correctly? Maybe browser "thinks" that certificate expired ... You may check it here:
http://www.uize.com/examples/digital-clock.html

"Unfortunately it's not available publically."
I must get direct access to the kiosk in order to debug this problem. I see 3 ways or doing it:
a) TeamViewer access to your PC and then i do ssh to kiosk
b) direct ssh/vnc access to kiosk
c) kiosk associated with my server:
http://porteus-kiosk.org/screens/news/151128/server.png

Please mind that support fees will apply:
http://porteus-kiosk.org/paid-support.html
Please add [Solved] to your thread title if the solution was found.

Locked