Arch Linux

Brinox

Member

Registered: 2015-03-16

Posts: 4

[SOLVED] Invalid SSL Certificate in GNOME Apps for login.live.com

Hi,

since the latest update on ca-certificates-mozilla, some of my GNOME applications, for example Epiphany and Evolution produce errors when connecting to login.live.com (Outlook.com mail services) saying the SSL certificate is not valid. I added screenshots from these two applications.

I tried other browsers, that use the system's internal SSL certificate store like Chromium, no errors. Even with cURL and wget, everything is fine. I even tried adding the certificate from login.live.com directly to /etc/ca-certificates/trust-source/anchors plus executing update-ca-trust. Chromium recognizes that and does not show the certificate chain any more but Epiphany and Evolution do not seem to care about that.

The error is reproducible on both my desktop PC and notebook. Anyone having a clue what's going on here?

Edit: Related thread https://bbs.archlinux.org/viewtopic.php?id=199042 suggests to downgrade ca-certificates-mozilla to 3.19.1-1. Watching the diff of the two packages does not show any changes to the VeriSign Class 3 G5 CA certificate nor the SSL CA EV intermediate certificate, that are part of the certificate chain for login.live.com. I don't understand, why this update causes issues...

Solution: ca-certficates-mozilla 3.19.2-2 solved the issue, see https://projects.archlinux.org/svntogit … 22c8fb4bb7

Last edited by Brinox (2015-06-28 10:34:16)