Re: can't login to koji - ssl error
On Ter, 2016-05-03 at 08:49 -0500, Rex Dieter wrote: > Sérgio Basto wrote: > > > > > On Ter, 2016-05-03 at 07:34 -0400, Neal Becker wrote: > > > > > > chrome is refusing to login to: > > > > > > https://koji.fedoraproject.org/koji/login > > > > > > This site can’t provide a secure connection > > > > > > koji.fedoraproject.org sent an invalid response. > > > Try: > > > Reloading the page > > > Learn more about this problem. > > > ERR_SSL_PROTOCOL_ERROR > > > > > > Appears to be a deprecation in chrome 50: > > > https://developers.google.com/web/updates/2016/03/chrome-50-depre > > > cati > > > ons?hl=en=ir_ssl_error=en=1#remove-insecure-tls-version- > > > fallback > > > org > > I just login to https://koji.fedoraproject.org/koji/login using > > Chrome > > Version 51.0.2704.29 beta (64-bit) > > > > Maybe you need renew your certificate: > > fedora-cert -v > > > > openssl pkcs12 -export -in ~/.fedora.cert -CAfile ~/.fedora-upload- > > ca.cert > > -out ~/fedora-browser-cert.p12 > Or: > fedora-packager-setup --with-browser-cert > > In my experience, one needs to import both the user cert produced by > that, > *and* fedora-server-ca.cert (as CA cert) Correct, thanks for the tip, but we just need import fedora-server- ca.cert one time, while fedora-browser-cert.p12 we need import/update it every 6 months, because fedora-browser-cert.p12 expires every 6 months, so on "renew certificate", we just need import/update the new ~/fedora-browser-cert.p12 :) -- Sérgio M. B. -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
Re: can't login to koji - ssl error
Sérgio Basto wrote: > On Ter, 2016-05-03 at 07:34 -0400, Neal Becker wrote: >> chrome is refusing to login to: >> >> https://koji.fedoraproject.org/koji/login >> >> This site can’t provide a secure connection >> >> koji.fedoraproject.org sent an invalid response. >> Try: >> Reloading the page >> Learn more about this problem. >> ERR_SSL_PROTOCOL_ERROR >> >> Appears to be a deprecation in chrome 50: >> https://developers.google.com/web/updates/2016/03/chrome-50-deprecati >> ons?hl=en=ir_ssl_error=en=1#remove-insecure-tls-version- >> fallback >> org > > I just login to https://koji.fedoraproject.org/koji/login using Chrome > Version 51.0.2704.29 beta (64-bit) > > Maybe you need renew your certificate: > fedora-cert -v > > openssl pkcs12 -export -in ~/.fedora.cert -CAfile ~/.fedora-upload-ca.cert > -out ~/fedora-browser-cert.p12 Or: fedora-packager-setup --with-browser-cert In my experience, one needs to import both the user cert produced by that, *and* fedora-server-ca.cert (as CA cert) -- Rex -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
Re: can't login to koji - ssl error
The login button in koji will not work unless you configure Chrome to use your client certificate; I dunno how to do that. I read somewhere that Chrome will be dropping support for client certs, but I forget where I read it and I can't find any links to support that. On Tue, 2016-05-03 at 07:34 -0400, Neal Becker wrote: > Appears to be a deprecation in chrome 50: > https://developers.google.com/web/updates/2016/03/chrome-50-deprecati > ons?hl=en=ir_ssl_error=en=1#remove-insecure-tls-version- > fallback Nope, then you would get ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION. Insecure version fallback is for the most seriously broken of servers. The client says "I support TLS 1.2" but the server only supports an older version, say 1.0. The server is supposed to say "too bad, we will establish a TLS 1.0 connection," because min(1.0, 1.2) = 1.0, right? Instead these broken servers see 1.2, think "what on Earth is 1.2?" and terminate the connection. I'm not aware of any open source servers that have ever been affected by this; I've personally only seen it with old Microsoft IIS servers. It turns out that the link that explains the error message is wrong: https://bugs.chromium.org/p/chromium/issues/detail?id=607052 Michael P.S. Now, the koji configuration IS seriously broken, as it uses a self-signed certificate. This makes no sense, as the packager cannot trust that the server is the real koji; I have to click through the scary security warning whenever I visit koji for the first time after restarting my browser, and I don't like doing that, so I only ever access koji via plain HTTP and never HTTPS. I've heard claims that the self-signed certificate is needed for client authentication, but I don't think that's right and I know of no evidence to support this. (Fortunately, much more important for koji is to authenticate the packager's client certificate, and that seems to be working properly.) P.S.S. koji is using an absurd 8096 RSA key size. This is pointless. 2048 is the recommended key size nowadays; 4096 is considered expensive and paranoid. -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
Re: can't login to koji - ssl error
On Ter, 2016-05-03 at 07:34 -0400, Neal Becker wrote: > chrome is refusing to login to: > > https://koji.fedoraproject.org/koji/login > > This site can’t provide a secure connection > > koji.fedoraproject.org sent an invalid response. > Try: > Reloading the page > Learn more about this problem. > ERR_SSL_PROTOCOL_ERROR > > Appears to be a deprecation in chrome 50: > https://developers.google.com/web/updates/2016/03/chrome-50-deprecati > ons?hl=en=ir_ssl_error=en=1#remove-insecure-tls-version- > fallback > org I just login to https://koji.fedoraproject.org/koji/login using Chrome Version 51.0.2704.29 beta (64-bit) Maybe you need renew your certificate: fedora-cert -v openssl pkcs12 -export -in ~/.fedora.cert -CAfile ~/.fedora-upload-ca.cert -out ~/fedora-browser-cert.p12 and import ~/fedora-browser-cert.p12 to Chrome -- Sérgio M. B. -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
Re: can't login to koji - ssl error
On 3 May 2016 12:34, "Neal Becker" <ndbeck...@gmail.com> wrote: > > chrome is refusing to login to: > > https://koji.fedoraproject.org/koji/login > > This site can’t provide a secure connection > > koji.fedoraproject.org sent an invalid response. > Try: > Reloading the page > Learn more about this problem. > ERR_SSL_PROTOCOL_ERROR > > Appears to be a deprecation in chrome 50: > https://developers.google.com/web/updates/2016/03/chrome-50-deprecations?hl=en=ir_ssl_error=en=1#remove-insecure-tls-version-fallback > -- What are you trying to do? To my knowledge that login has never (or at least in a long long time) worked as it authenticates using PKI certificates, not the Fedora oauth stuff. Generally you should be interacting with koji through the fedpkg/koji CLI tools. -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
can't login to koji - ssl error
chrome is refusing to login to: https://koji.fedoraproject.org/koji/login This site can’t provide a secure connection koji.fedoraproject.org sent an invalid response. Try: Reloading the page Learn more about this problem. ERR_SSL_PROTOCOL_ERROR Appears to be a deprecation in chrome 50: https://developers.google.com/web/updates/2016/03/chrome-50-deprecations?hl=en=ir_ssl_error=en=1#remove-insecure-tls-version-fallback -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
Re: Login to Koji
Hopefully, last problem is how do I specify proxy for koji commands? Does it not support proxies? I found this being asked earlier, http://www.redhat.com/archives/rhl-devel-list/2008-August/msg00667.html? kevin I think it uses the normal http_proxy and https_proxy env variables... Dennis Koji doesnt support proxies. the ssl code opens sockets directly I think Dennis is right. Even after setting proxy env vars, koji is not able to connect. Given that I have to do it from behind a proxy, what is the alternative for me in this case? Thanks, Ravindra -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Login to Koji
On Fri, 19 Apr 2013 19:51:37 +0200 Thomas Moschny thomas.mosc...@gmail.com wrote: ;) Agreed in principle. On the other hand, all these possible solutions require something running on my side permanently :( -- Thomas http://blogtrottr.com/about/ then use your email filters. -- Regards, Frank http//www.frankly3d.com -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Login to Koji
2013/4/18 Kevin Fenzi ke...@scrye.com: There's no reason you ever need to login to the web interface, so just don't bother and move on. ;) Almost everything can be done using the koji command line, but one thing I couldn't find: Koji's web interface let me create a notification, so I get notified whenever a selected package is build (optionally selecting a tag, and optionally on success only). How can I add/modify/remove such notification subscriptions without the web interface? -- Thomas -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Login to Koji
On Thu, 18 Apr 2013 14:37:34 -0700 (PDT) Ravindra Kumar ravindraku...@vmware.com wrote: We are adjusting anything that tells you you need to set this up. Where did you see it? From fedora-packager-setup? Yes. It generates a cert for browser and asks it to be imported in the browser. Yeah, soon it will stop doing that. ;) BTW, fedora-packager-setup has not generated ~/.koji directory for me, https://fedoraproject.org/wiki/Using_the_Koji_build_system#Koji_Config You don't need one. I fixed the wiki page. ;) Hopefully, last problem is how do I specify proxy for koji commands? Does it not support proxies? I found this being asked earlier, http://www.redhat.com/archives/rhl-devel-list/2008-August/msg00667.html? I think it uses the normal http_proxy and https_proxy env variables... kevin signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Login to Koji
On Fri, 19 Apr 2013 10:36:16 +0800 Mathieu Bridon boche...@fedoraproject.org wrote: The Koji web interface still has a login button, maybe it should be removed completely? Perhaps so. kevin signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Login to Koji
On Fri, 19 Apr 2013 11:46:56 +0200 Thomas Moschny thomas.mosc...@gmail.com wrote: Almost everything can be done using the koji command line, but one thing I couldn't find: Koji's web interface let me create a notification, so I get notified whenever a selected package is build (optionally selecting a tag, and optionally on success only). How can I add/modify/remove such notification subscriptions without the web interface? It's true that you cannot do that from the command line interface. However, there's a bunch of other ways to get that info: - Subscribe to the koji recent builds rss feed: http://koji.fedoraproject.org/koji/recentbuilds and alert on whatever builds you care about. - Join the #fedora-fedmsg channel on irc and setup notify for whatever packages you care about and what part of the build (since it will send a message on build start, build end, success or failure, tagging into tag, etc). - Setup fedmsg-notify on your desktop and set it to look for the same above messages. - Setup your own fedmsg consumer to look for the messages and do whatever you want on getting them. email you? IMHO we should really move to using fedmsg for these things instead of a non standard difficult interface in a specific app. ;) kevin signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Login to Koji
On Fri, Apr 19, 2013 at 11:37:16AM -0600, Kevin Fenzi wrote: - Setup your own fedmsg consumer to look for the messages and do whatever you want on getting them. email you? If you want help doing this, feel free to ask in #fedora-apps on freenode. http://www.fedmsg.com/en/latest/consuming/#naive-consuming pgpamTmiWIXnX.pgp Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Login to Koji
2013/4/19 Kevin Fenzi ke...@scrye.com: It's true that you cannot do that from the command line interface. However, there's a bunch of other ways to get that info: - Subscribe to the koji recent builds rss feed: http://koji.fedoraproject.org/koji/recentbuilds and alert on whatever builds you care about. - Join the #fedora-fedmsg channel on irc and setup notify for whatever packages you care about and what part of the build (since it will send a message on build start, build end, success or failure, tagging into tag, etc). - Setup fedmsg-notify on your desktop and set it to look for the same above messages. - Setup your own fedmsg consumer to look for the messages and do whatever you want on getting them. email you? IMHO we should really move to using fedmsg for these things instead of a non standard difficult interface in a specific app. ;) Agreed in principle. On the other hand, all these possible solutions require something running on my side permanently :( -- Thomas -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Login to Koji
On Fri, Apr 19, 2013 at 07:51:37PM +0200, Thomas Moschny wrote: 2013/4/19 Kevin Fenzi ke...@scrye.com: It's true that you cannot do that from the command line interface. However, there's a bunch of other ways to get that info: - Subscribe to the koji recent builds rss feed: http://koji.fedoraproject.org/koji/recentbuilds and alert on whatever builds you care about. - Join the #fedora-fedmsg channel on irc and setup notify for whatever packages you care about and what part of the build (since it will send a message on build start, build end, success or failure, tagging into tag, etc). - Setup fedmsg-notify on your desktop and set it to look for the same above messages. - Setup your own fedmsg consumer to look for the messages and do whatever you want on getting them. email you? IMHO we should really move to using fedmsg for these things instead of a non standard difficult interface in a specific app. ;) Agreed in principle. On the other hand, all these possible solutions require something running on my side permanently :( In theory, the infrastructure team could build a webapp that: 1) Allows you to manage centralized notification preferences. 2) Listens to the bus and sends emails as appropriate. It could be cool. We could host it at, say, apps.fedoraproject.org/busmail. I've created a ticket to track it as an idea. If you're interested in having such a thing around, please chime in there with a :+1: and any special requirements: https://github.com/fedora-infra/fedmsg/issues/134 pgpmINkKm2LvI.pgp Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Login to Koji
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 El Thu, 18 Apr 2013 14:37:34 -0700 (PDT) Ravindra Kumar ravindraku...@vmware.com escribió: We are adjusting anything that tells you you need to set this up. Where did you see it? From fedora-packager-setup? Yes. It generates a cert for browser and asks it to be imported in the browser. BTW, fedora-packager-setup has not generated ~/.koji directory for me, https://fedoraproject.org/wiki/Using_the_Koji_build_system#Koji_Config Hopefully, last problem is how do I specify proxy for koji commands? Does it not support proxies? I found this being asked earlier, http://www.redhat.com/archives/rhl-devel-list/2008-August/msg00667.html? Thanks in advance, Ravindra Koji doesnt support proxies. the ssl code opens sockets directly Dennis -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlFyEBYACgkQkSxm47BaWfer4ACgiru3VOZQ2DQxr4JSmFWmZF2u gtwAn3bu/PoJReeIrXpZ/VyzPY335o0r =4AjA -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Login to Koji
Hi, I have setup my certificate today using fedora-packager-setup. However, when I try to login to https://koji.fedoraproject.org/koji/ after importing fedora-browser-cert.p12 into Firefox, it keeps timing out. I have tried with Firefox 19.0.2 on Windows and 17.0.1 on Fedora 18. Any ideas what could be the problem? Thanks, Ravindra -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Login to Koji
On Thu, 18 Apr 2013 11:17:13 -0700 (PDT) Ravindra Kumar ravindraku...@vmware.com wrote: Hi, I have setup my certificate today using fedora-packager-setup. However, when I try to login to https://koji.fedoraproject.org/koji/ after importing fedora-browser-cert.p12 into Firefox, it keeps timing out. I have tried with Firefox 19.0.2 on Windows and 17.0.1 on Fedora 18. Any ideas what could be the problem? Others have reported this in the past. However, it's not worth debugging. There's no reason you ever need to login to the web interface, so just don't bother and move on. ;) We are adjusting anything that tells you you need to set this up. Where did you see it? From fedora-packager-setup? kevin signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Login to Koji
We are adjusting anything that tells you you need to set this up. Where did you see it? From fedora-packager-setup? Yes. It generates a cert for browser and asks it to be imported in the browser. BTW, fedora-packager-setup has not generated ~/.koji directory for me, https://fedoraproject.org/wiki/Using_the_Koji_build_system#Koji_Config Hopefully, last problem is how do I specify proxy for koji commands? Does it not support proxies? I found this being asked earlier, http://www.redhat.com/archives/rhl-devel-list/2008-August/msg00667.html? Thanks in advance, Ravindra -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Login to Koji
On Thu, 2013-04-18 at 15:05 -0600, Kevin Fenzi wrote: On Thu, 18 Apr 2013 11:17:13 -0700 (PDT) Ravindra Kumar ravindraku...@vmware.com wrote: Hi, I have setup my certificate today using fedora-packager-setup. However, when I try to login to https://koji.fedoraproject.org/koji/ after importing fedora-browser-cert.p12 into Firefox, it keeps timing out. I have tried with Firefox 19.0.2 on Windows and 17.0.1 on Fedora 18. Any ideas what could be the problem? Others have reported this in the past. However, it's not worth debugging. There's no reason you ever need to login to the web interface, so just don't bother and move on. ;) We are adjusting anything that tells you you need to set this up. Where did you see it? From fedora-packager-setup? The Koji web interface still has a login button, maybe it should be removed completely? -- Mathieu -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Unable to login to Koji website
Am 09.07.2012 23:17, schrieb Matt Spaulding: I'm having trouble logging into the Koji website. I ran fedora-packager-setup on the command line and generated my certs, including the browser cert for Firefox. I then followed the instructions on the wiki to import the cert into my browser. When clicking login on Koji it asks if I would like to use my imported certificate to log in. After clicking Ok the website spins trying to connect and is not able to do so. Did I miss a step? Anyone had this happen? Btw, I am able to use the Koji command line tool just fine. Same problem here. Starting built processes on koji via cli ain't a problem, but logging in via Firefox and a valid, new certificate doesn't work. Any hints? Regards, vinz. -- Vinzenz Vietzke B1 Systems GmbH Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537 -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Unable to login to Koji website
Hi, I'm having trouble logging into the Koji website. I ran fedora-packager-setup on the command line and generated my certs, including the browser cert for Firefox. I then followed the instructions on the wiki to import the cert into my browser. When clicking login on Koji it asks if I would like to use my imported certificate to log in. After clicking Ok the website spins trying to connect and is not able to do so. Did I miss a step? Anyone had this happen? Btw, I am able to use the Koji command line tool just fine. Regards, Matt -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Unable to login to Koji website
On Seg, 2012-07-09 at 14:17 -0700, Matt Spaulding wrote: Hi, I'm having trouble logging into the Koji website. I ran fedora-packager-setup on the command line and generated my certs, including the browser cert for Firefox. I then followed the instructions on the wiki to import the cert into my browser. When clicking login on Koji it asks if I would like to use my imported certificate to log in. After clicking Ok the website spins trying to connect and is not able to do so. check Valid from 27-05-2012 23:17:21 to 23-11-2012 22:17:21 and see if isn't out-of-date -- Sérgio M. B. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Unable to login to Koji website
On Mon, Jul 9, 2012 at 5:04 PM, Sérgio Basto ser...@serjux.com wrote: check Valid from 27-05-2012 23:17:21 to 23-11-2012 22:17:21 and see if isn't out-of-date Certificate says it's valid not before (6/9/12 4:29:19 GMT) and not after (12/6/12 4:29:19 GMT), so I think it should be okay. I've attempted to log in from two different computers as well. One running Fedora 17 and the other is a Mac. -- Sérgio M. B. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Unable to login to Koji website
I heard that there was a DNS problem that was to affect a relatively significant number of people today On Jul 9, 2012 5:20 PM, Matt Spaulding mspauldin...@gmail.com wrote: On Mon, Jul 9, 2012 at 5:04 PM, Sérgio Basto ser...@serjux.com wrote: check Valid from 27-05-2012 23:17:21 to 23-11-2012 22:17:21 and see if isn't out-of-date Certificate says it's valid not before (6/9/12 4:29:19 GMT) and not after (12/6/12 4:29:19 GMT), so I think it should be okay. I've attempted to log in from two different computers as well. One running Fedora 17 and the other is a Mac. -- Sérgio M. B. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Unable to login to Koji website
On 07/09/2012 08:20 PM, Matt Spaulding wrote: On Mon, Jul 9, 2012 at 5:04 PM, Sérgio Basto ser...@serjux.com mailto:ser...@serjux.com wrote: check Valid from 27-05-2012 23 tel:27-05-2012%2023:17:21 to 23-11-2012 22:17:21 and see if isn't out-of-date Certificate says it's valid not before (6/9/12 4:29:19 GMT) and not after (12/6/12 4:29:19 GMT), so I think it should be okay. I've attempted to log in from two different computers as well. One running Fedora 17 and the other is a Mac. Look at the certificate in Firefox (Edit - Preferences - Advanced - View Certificates - Your Certificates), under Fedora Project. Hit View, and look under Validity. I bet _that_ one has expired, or isn't imported. fedora-packager-setup (in the fedora-packager RPM) will walk you through updating this, but basically, you need to generate a new browser cert, then import the new fedora-browser-cert.p12 file. Now, if your certificate in Firefox is still valid, I dunno. ~tom == Fedora Project -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Unable to login to Koji website
On Seg, 2012-07-09 at 17:20 -0700, Matt Spaulding wrote: On Mon, Jul 9, 2012 at 5:04 PM, Sérgio Basto ser...@serjux.com wrote: check Valid from 27-05-2012 23:17:21 to 23-11-2012 22:17:21 and see if isn't out-of-date Certificate says it's valid not before (6/9/12 4:29:19 GMT) and not after (12/6/12 4:29:19 GMT), so I think it should be okay. I've attempted to log in from two different computers as well. One running Fedora 17 and the other is a Mac. I remember that I had a similar issue, when my certificate expired ... when you press Download a client-side certificate all others certificates expired . I after do every thing correct I login again without problem. -- Sérgio M. B. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Unable to login to Koji website
On Mon, Jul 9, 2012 at 5:59 PM, Tom Callaway tcall...@redhat.com wrote: Look at the certificate in Firefox (Edit - Preferences - Advanced - View Certificates - Your Certificates), under Fedora Project. Hit View, and look under Validity. I bet _that_ one has expired, or isn't imported. fedora-packager-setup (in the fedora-packager RPM) will walk you through updating this, but basically, you need to generate a new browser cert, then import the new fedora-browser-cert.p12 file. Now, if your certificate in Firefox is still valid, I dunno. I looked under Validity like you suggest and everything looked okay. I've deleted and reimported the certificate into my browser a number of times now all to no avail. Does it matter that the first time I attempt to login the browser warns that This Connection is Untrusted and asks me to add an exception? I've also noticed that if I import fedora-server-ca.cert under the Authorities tab that it will not ask me to add an exception. Either way I've been unable to log in. ~tom == Fedora Project -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Unable to login to Koji website
On Tuesday, July 10, 2012, Matt Spaulding mspauldin...@gmail.com wrote: On Mon, Jul 9, 2012 at 5:59 PM, Tom Callaway tcall...@redhat.com wrote: Look at the certificate in Firefox (Edit - Preferences - Advanced - View Certificates - Your Certificates), under Fedora Project. Hit View, and look under Validity. I bet _that_ one has expired, or isn't imported. fedora-packager-setup (in the fedora-packager RPM) will walk you through updating this, but basically, you need to generate a new browser cert, then import the new fedora-browser-cert.p12 file. Now, if your certificate in Firefox is still valid, I dunno. I looked under Validity like you suggest and everything looked okay. I've deleted and reimported the certificate into my browser a number of times now all to no avail. Does it matter that the first time I attempt to login the browser warns that This Connection is Untrusted and asks me to add an exception? I've also noticed that if I import fedora-server-ca.cert under the Authorities tab that it will not ask me to add an exception. Either way I've been unable to log in. ~tom == Fedora Project This problem happened to me earlier,I still can't login,too. -- Best Regards, Christopher Meng--'Cicku' Ambassador/Contributor of Fedora Project and Contributor of GNU. Blog:http://cicku.me Social:http://about.me/cicku -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel