hello. I am receiving this error in rtorrent when using .torrent files that use a https tracker (waffles.fm):
Tracker: Peer certificate cannot be authenticated with known CA certificates
I found a tutorial on how to fix this on the waffles.fm forums but it is for ubuntu:
well.. after some testing and typing around I finally found the solution for ubuntu:
First the steps:
$ sudo openssl s_client -connect waffles.fm:443 |tee ca_save_file
$ sudo openssl x509 -inform PEM -in ca_save_file -text -out outcert.pem
Importing a Certificate into the System-Wide Certificate Authority Database
You can import a CA Certificate into the system-wide database of trusted certificate authorities. Applications that use this database will automatically trust any certificates stored here.
1. Copy your certificate to the system certificate directory. At a terminal prompt, type:
$ sudo cp outcert.pem /usr/share/ca-certificates/waffles_fm.crt
2. Edit the ca-certificates configuration file /etc/ca-certificates.conf. Add the name of the file you copied to /usr/share/ca-certificates to the top of the list just after the final "#". For example:
# This file lists certificates that you wish to use or to ignore to be
# installed in /etc/ssl/certs.
# update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
#
# This is autogenerated by dpkg-reconfigure ca-certificates.
# certificates shoule be installed under /usr/share/ca-certificates
# and files with extension '.crt' is recognized as available certs.
#
# line begins with # is comment.
# line begins with ! is certificate filename to be deselected.
#
waffles_fm.crt
brasil.gov.br/brasil.gov.br.crt
cacert.org/cacert.org.crt
mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
[... many additional certificates omitted ...]
3. Update the CA certificates database by typing:
$ sudo update-ca-certificates
4. You have successfully imported your certificate into the system CA certificates database.
so, how can I do this in arch? thanks.
Last edited by bionnaki (2008-01-02 07:48:18)
Run the first two commands, put the .pem file in /etc/ssl/certs and run c_rehash.
I hate sigs. This one only exists to remind myself to get an avatar.
ok, I did
$ sudo openssl s_client -connect waffles.fm:443 |tee ca_save_file
$ sudo openssl x509 -inform PEM -in ca_save_file -text -out outcert.pem
and then
sudo cp outcert.pem /etc/ssl/certs
sudo c_rehash
but I'm still getting the error
Tracker: [Peer certificate cannot be authenticated with known CA certificates]
any idea?
Ah, well. Seems like I should spend more time reading and stop trusting random Ubuntu advice.
This should work for real now:
- Erase anything in /etc/ssl/certs from your former tries (should be empty then, I guess).
- Download https://www.geotrust.com/resources/root … s_CA-1.cer
- Put it in /etc/ssl/certs, rename it from .cer to .pem, run c_rehash.
Done. Verify with 'curl -I --capath /etc/ssl/certs https://www.waffles.fm', it shouldn't complain.
I hate sigs. This one only exists to remind myself to get an avatar.
thanks.
but it's still not working.
a waffle invite for anyone who can solve this
Okay, last try.
I've installed rtorrent and had a look at the manpage.
Start it with
-o http_capath=/etc/ssl/certs
I hate sigs. This one only exists to remind myself to get an avatar.
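How the hashed directory behind c_rehash, curl --capath and rtorrent's http_capath behaves, as an added example that is not part of any post in this thread. It builds a constructed throwaway CA and leaf (the names "Constructed Demo Root" and "tracker.example" and all function names are assumptions) and checks the leaf against a capath directory before and after the hash link exists.

```shell
#!/bin/sh
# Added example. The CA and leaf below are constructed throwaway certificates;
# nothing here touches /etc/ssl/certs.

# Create a constructed root CA and a leaf certificate signed by it inside $1.
make_demo_pki() {
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Demo Root
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes \
        -keyout "$1/ca.key" -out "$1/ca.pem" -days 2 2>/dev/null &&
    openssl req -new -config "$1/ca.cnf" -subj "/CN=tracker.example" \
        -newkey rsa:2048 -nodes -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -out "$1/leaf.pem" -days 2 2>/dev/null
}

# What c_rehash does for one certificate: link <subject-hash>.0 to the PEM file
# (c_rehash moves on to .1, .2, ... when two subjects share a hash).
link_by_hash() {
    h=$(openssl x509 -noout -hash -in "$1") || return 1
    ln -sf "$(basename "$1")" "$(dirname "$1")/$h.0"
}

# Succeeds only if certificate $2 chains to a CA that OpenSSL finds in directory $1.
capath_trusts() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# Print the verdict at each stage of populating a capath directory.
demo() {
    d=$(mktemp -d) && mkdir "$d/certs" && make_demo_pki "$d" || return 1
    for stage in "empty directory" "PEM copied, no hash link" "hash link created"; do
        case $stage in
            PEM*)  cp "$d/ca.pem" "$d/certs/demo_root.pem" ;;
            hash*) link_by_hash "$d/certs/demo_root.pem" ;;
        esac
        capath_trusts "$d/certs" "$d/leaf.pem" && echo "$stage: trusted" || echo "$stage: rejected"
    done
    rm -rf "$d"
}
demo
```

A .pem file that sits in the directory without its hash link is not found by OpenSSL's directory lookup, which is why c_rehash has to be rerun after the directory contents change.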
well, that works - thank you very much. I'm doing "screen rtorrent -o http_capath=/etc/ssl/certs" with an alias of
alias r="screen -r"
alias rt="screen rtorrent -o http_capath=/etc/ssl/certs"
to make it easy - couldn't figure out how to do -o http_capath=/etc/ssl/certs in rtorrent.rc but that's fine.
let me know if you want that waffles invite...
I don't know if it will help, but I have submitted a PKGBUILD to AUR that installs all the common root certificates as provided by the ca-certificates package in Debian (and Gentoo). The AUR package has the same name, 'ca-certificates'.
For reference: http://bugs.archlinux.org/task/7912
bionnaki, you also might want to edit your wiki article... adding the GeoTrust rootcert might help connecting to waffles.fm, but certainly not with every "tracker that uses https".
I hate sigs. This one only exists to remind myself to get an avatar.
In case anyone else gets this problem, you can consult this blog post for a compiled how-to: http://hokietux.net/blog/?p=9