Hi Jeff, I do not think that aqbanking checks against the system certificates. But you should have to accept a certificate only once. BUT when called directly from Gnucash aqbanking this does not work. It only remembers the certificate when called from the the command line e.g. with "/Applications/Gnucash.app/Contents/MacOS/aqbanking-cli request —balance”. After that it will only ask you again when the certificate changes.
Cheers, Christoph > Am 16.01.2018 um 04:33 schrieb Jeff Kletsky <gnuc...@allycomm.com>: > > I haven't been able to find much on getting past AqBanking not verifying > certificates for OFX connections. > > https://wiki.gnucash.org/wiki/De/Setting_up_OFXDirectConnect_in_GnuCash_2 > says to "blindly" accept them, which seems risky in this day and age. I found > a question around it asked on the list, but unanswered on 2016-11-23, "OFX > connection certificate troubles" > > http://www.linuxsecurity.com/content/view/188984/102/ suggests that > gwenhywfar was patched to "use system ca-certificates" in 2015. > > Before I dig further into this, is there a way to have the certificates > properly validated and, ideally, the revocation list checked? MacOS X here, > but a "generic" solution as a framework would also help! > > Thanks, > > Jeff > > > _______________________________________________ > gnucash-user mailing list > gnucash-user@gnucash.org > https://lists.gnucash.org/mailman/listinfo/gnucash-user > ----- > Please remember to CC this list on all your replies. > You can do this by using Reply-To-List or Reply-All. _______________________________________________ gnucash-user mailing list gnucash-user@gnucash.org https://lists.gnucash.org/mailman/listinfo/gnucash-user ----- Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.