
#1 2008-01-02 07:47:46

bionnaki
Member
Registered: 2006-09-05
Posts: 289

rtorrent error & ca certificate

hello. I am receiving this error in rtorrent when using .torrent files that use a https tracker (waffles.fm):

Tracker: Peer certificate cannot be authenticated with known CA certificates

I found a tutorial on how to fix this on the waffles.fm forums but it is for ubuntu:

well.. after some testing and typing around I finally found the solution for ubuntu:

First the steps:

$ sudo openssl s_client -connect waffles.fm:443 |tee ca_save_file
$ sudo openssl x509 -inform PEM -in ca_save_file -text  -out outcert.pem

Importing a Certificate into the System-Wide Certificate Authority Database

You can import a CA Certificate into the system-wide database of trusted certificate authorities. Applications that use this database will automatically trust any certificates stored here.

1. Copy your certificate to the system certificate directory. At a terminal prompt, type:

$ sudo cp outcert.pem /usr/share/ca-certificates/waffles_fm.crt

2. Edit the ca-certificates configuration file /etc/ca-certificates.conf. Add the name of the file you copied to /usr/share/ca-certificates to the top of the list just after the final "#". For example:

# This file lists certificates that you wish to use or to ignore to be
# installed in /etc/ssl/certs.
# update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
#
# This is autogenerated by dpkg-reconfigure ca-certificates.
# certificates shoule be installed under /usr/share/ca-certificates
# and files with extension '.crt' is recognized as available certs.
#
# line begins with # is comment.
# line begins with ! is certificate filename to be deselected.
#
waffles_fm.crt
brasil.gov.br/brasil.gov.br.crt
cacert.org/cacert.org.crt
mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
[... many additional certificates omitted ...]

3. Update the CA certificates database by typing:

$ sudo update-ca-certificates

4. You have successfully imported your certificate into the system CA certificates database.

so, how can I do this in arch? thanks.

Last edited by bionnaki (2008-01-02 07:48:18)


#2 2008-01-02 21:31:00

byte
Member
From: Düsseldorf (DE)
Registered: 2006-05-01
Posts: 1,872

Re: rtorrent error & ca certificate

Run the first two commands, put the .pem file in /etc/ssl/certs and run c_rehash.


I hate sigs. This one only exists to remind myself to get an avatar.


#3 2008-01-03 01:00:10

bionnaki
Member
Registered: 2006-09-05
Posts: 289

Re: rtorrent error & ca certificate

ok, I did

$ sudo openssl s_client -connect waffles.fm:443 |tee ca_save_file
$ sudo openssl x509 -inform PEM -in ca_save_file -text  -out outcert.pem

and then

sudo cp outcert.pem /etc/ssl/certs
sudo c_rehash

but I'm still getting the error

Tracker: [Peer certificate cannot be authenticated with known CA certificates]

any idea?


#4 2008-01-03 05:31:22

byte
Member
From: Düsseldorf (DE)
Registered: 2006-05-01
Posts: 1,872

Re: rtorrent error & ca certificate

Ah, well. Seems like I should spend more time reading and stop trusting random Ubuntu advice.

This should work for real now:
- Erase anything in /etc/ssl/certs from your former tries (should be empty then, I guess).
- Download https://www.geotrust.com/resources/root … s_CA-1.cer
- Put it in /etc/ssl/certs, rename it from .cer to .pem, run c_rehash.

Done. Verify with 'curl -I --capath /etc/ssl/certs https://www.waffles.fm', it shouldn't complain.


I hate sigs. This one only exists to remind myself to get an avatar.
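
Added example, not part of any post in this thread: a self-contained script showing how OpenSSL's -CApath lookup (the mechanism behind /etc/ssl/certs, c_rehash and curl --capath above) treats three states of a certificate directory. It assumes OpenSSL 1.1.0 or newer, where "openssl rehash" is the built-in equivalent of c_rehash; the CA, the certificate names and all file names are constructed for the demo.

```shell
#!/bin/sh
# Added example. The CA and server certificate are constructed throwaways;
# "Demo Root CA" and "tracker.example" are made-up names. /etc/ssl/certs is not touched.

# check DIR CERT: print "ok" if CERT verifies using only DIR as the trust store.
check() {
    if openssl verify -no-CAfile -CApath "$1" "$2" >/dev/null 2>&1; then
        echo ok
    else
        echo fail
    fi
}

capath_demo() (
    work=$(mktemp -d) && cd "$work" || exit 2
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root CA, then a server ("leaf") certificate signed by it.
    openssl req -x509 -config demo.cnf -newkey rsa:2048 -nodes \
        -keyout ca.key -out ca.pem -days 1 2>/dev/null
    openssl req -new -config demo.cnf -subj "/CN=tracker.example" \
        -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr 2>/dev/null
    openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key \
        -CAcreateserial -out leaf.pem -days 1 2>/dev/null

    # Case 1: directory holds only the server's own certificate, rehashed.
    mkdir leaf-only with-ca
    cp leaf.pem leaf-only/ && openssl rehash leaf-only >/dev/null 2>&1
    r1=$(check leaf-only leaf.pem)
    # Case 2: directory holds the issuing CA but has no hash links yet.
    cp ca.pem with-ca/
    r2=$(check with-ca leaf.pem)
    # Case 3: same directory after rehashing (the step c_rehash performs).
    openssl rehash with-ca >/dev/null 2>&1
    r3=$(check with-ca leaf.pem)

    cd / && rm -rf "$work"
    echo "leaf-only=$r1 ca-unhashed=$r2 ca-hashed=$r3"
)

capath_demo
```

With default verification settings only the third case verifies: the directory has to contain the issuing CA certificate, and it has to be rehashed so the lookup by subject hash finds it.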


#5 2008-01-03 07:29:55

bionnaki
Member
Registered: 2006-09-05
Posts: 289

Re: rtorrent error & ca certificate

thanks.
but it's still not working.

a waffle invite for anyone who can solve this ;)


#6 2008-01-03 08:38:01

byte
Member
From: Düsseldorf (DE)
Registered: 2006-05-01
Posts: 1,872

Re: rtorrent error & ca certificate

Okay, last try.

I've installed rtorrent and had a look at the manpage.
Start it with

-o http_capath=/etc/ssl/certs

I hate sigs. This one only exists to remind myself to get an avatar.


#7 2008-01-03 23:24:48

bionnaki
Member
Registered: 2006-09-05
Posts: 289

Re: rtorrent error & ca certificate

well, that works - thank you very much. I'm doing "screen rtorrent -o http_capath=/etc/ssl/certs" with an alias of

alias r="screen -r"
alias rt="screen rtorrent -o http_capath=/etc/ssl/certs"

to make it easy - couldn't figure out how to do -o http_capath=/etc/ssl/certs in rtorrent.rc but that's fine.

let me know if you want that waffles invite...


#8 2008-02-17 05:26:41

yabbadabbadont
Member
Registered: 2008-01-19
Posts: 22

Re: rtorrent error & ca certificate

I don't know if it will help, but I have submitted a PKGBUILD to AUR that installs all the common root certificates as provided by the ca-certificates package in Debian (and Gentoo).  The AUR package has the same name, 'ca-certificates'.


#9 2008-02-17 23:44:07

byte
Member
From: Düsseldorf (DE)
Registered: 2006-05-01
Posts: 1,872

Re: rtorrent error & ca certificate

For reference: http://bugs.archlinux.org/task/7912

bionnaki, you also might want to edit your wiki article... adding the GeoTrust rootcert might help connecting to waffles.fm, but certainly not with every "tracker that uses https".


I hate sigs. This one only exists to remind myself to get an avatar.


#10 2008-07-28 03:35:07

daedalus
Member
From: Mountain View
Registered: 2007-09-28
Posts: 50

Re: rtorrent error & ca certificate

In case anyone else gets this problem, you can consult this blog post for a compiled how-to: http://hokietux.net/blog/?p=9
