Martin Sourada wrote:
On Fri, 2008-08-22 at 10:20 -0500, Dennis Gilmore wrote:Effective immediately we have replaced the CA that is in use for cvs.fedoraproject.org and koji.fedoraproject.org This effects uploading to lookaside cache and building packages.There are some manual steps that everyone needs to do to be able to use the systems again.they are login to https://admin.fedoraproject.org/accounts/ and click on the "Download a client-side certificate" link at the bottom of the home page. save the output to ~/.fedora.certrm ~/.fedora-server-ca.cert ~/.fedora-upload-ca.cert fedora-packager-setupthen open your browser got to Edit -> Preferences -> Advanced -> Encryption -> View Certificates -> Your Certificates Select your existing Certificate and remove it then import the new one from ~/fedora-browser-cert.p12 you will be able to log in to kojiI did this and I am still not able to log in to koji (trying with epiphany and firefox). This error pops out: Secure Connection Failed An error occurred during a connection to koji.fedoraproject.org. Peer does not recognize and trust the CA that issued your certificate. (Error code: ssl_error_unknown_ca_alert) The page you are trying to view can not be shown because the authenticity of the received data could not be verified. * Please contact the web site owners to inform them of this problem. Is it me, or is it koji problem? Thanks, Martin
Parts of the Fedora infrastructure do not use certificates issued by a CA already trusted by Firefox, but from Fedora's own certificate authority. If you decide to trust Fedora to issue certificates that can identify web sites, you could decide to import that CA cert to your set of trusted roots. You could go to https://admin.fedoraproject.org/fingerprints and install the CA certificate available from the bottom of that page. (Unfortunately the mime type currently is not application/x-x509-ca-cert so you have to safe that file, and then open it, you might even have to go to certificate manager and open the authorities tab, then import from there.) You can confirm the origin of the certificate by comparing the fingerprint presented by Firefox with the one listed on the fingerprints page (at least you'll know that the fingerprints page and the CA are controlled by the same people). Hope that helps, Kai
<<attachment: smime.p7s>>
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
