On Thu, Mar 12, 2015 at 12:00:59AM -0400, Bill Horne wrote: > I've come across an odd problem with Rekonq, and I'm looking for help. > > I have a "real" SSL certificate for my website, billhorne.com. It > shows, as is expected, a "padlock" icon when I go to > https://billhorne.com/ . > > Except when I use Rekonq, and then the KDE browser gives me an > "untrusted" error, saying that the root CA certificate is not > trusted for this use. Google searches show that it's a "known" > problem, but the only pages I found were of suggestions that there > was a MITM attack in progress or warning against using a self-signed > cert. > > I took a screen shot of the "deails" page: it's at > https://billhorne.com/snapshot1.png . All suggestions are welcome, > and thank you in advance.
https://www.ssllabs.com/ssltest/analyze.html?d=billhorne.com&latest You probably have some certificate chain problems that Rekonq is sensitive to. You support weak algorithms -- try: SSLCipherSuite ALL:!ADH:RC4:+HIGH:+MEDIUM:!LOW:!EXP:!AECDH SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2 SSLCompression off With RC4, you have some weakness, but without RC4, you'll lose a lot of older browsers. In a year or three you can probably drop that, too. And when you renew the cert, you should get SHA2 instead of SHA1. That's all the things I can see. -dsr- _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
