#1 2008-01-02 07:47:46

bionnaki
Member
Registered: 2006-09-05
Posts: 289

rtorrent error & ca certificate

hello. I am receiving this error in rtorrent when using .torrent files that use a https tracker (waffles.fm):

Tracker: Peer certificate cannot be authenticated with known CA certificates

I found a tutorial on how to fix this on the waffles.fm forums but it is for ubuntu:

well.. after some testing and typing around I finally found the solution for ubuntu:

First the steps:

$ sudo openssl s_client -connect waffles.fm:443 |tee ca_save_file
$ sudo openssl x509 -inform PEM -in ca_save_file -text  -out outcert.pem

Importing a Certificate into the System-Wide Certificate Authority Database

You can import a CA Certificate into the system-wide database of trusted certificate authorities. Applications that use this database will automatically trust any certificates stored here.

1. Copy your certificate to the system certificate directory. At a terminal prompt, type:

$ sudo cp outcert.pem /usr/share/ca-certificates/waffles_fm.crt

2. Edit the ca-certificates configuration file /etc/ca-certificates.conf. Add the name of the file you copied to /usr/share/ca-certificates to the top of the list just after the final "#". For example:

# This file lists certificates that you wish to use or to ignore to be
# installed in /etc/ssl/certs.
# update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
#
# This is autogenerated by dpkg-reconfigure ca-certificates.
# certificates shoule be installed under /usr/share/ca-certificates
# and files with extension '.crt' is recognized as available certs.
#
# line begins with # is comment.
# line begins with ! is certificate filename to be deselected.
#
waffles_fm.crt
brasil.gov.br/brasil.gov.br.crt
cacert.org/cacert.org.crt
mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
[... many additional certificates omitted ...]

3. Update the CA certificates database by typing:

$ sudo update-ca-certificates

4. You have successfully imported your certificate into the system CA certificates database.

so, how can I do this in arch? thanks.

Last edited by bionnaki (2008-01-02 07:48:18)

#2 2008-01-02 21:31:00

byte
Member
From: Düsseldorf (DE)
Registered: 2006-05-01
Posts: 2,046

Re: rtorrent error & ca certificate

Run the first two commands, put the .pem file in /etc/ssl/certs and run c_rehash.


1000

#3 2008-01-03 01:00:10

bionnaki
Member
Registered: 2006-09-05
Posts: 289

Re: rtorrent error & ca certificate

ok, I did

$ sudo openssl s_client -connect waffles.fm:443 |tee ca_save_file
$ sudo openssl x509 -inform PEM -in ca_save_file -text  -out outcert.pem

and then

sudo cp outcert.pem /etc/ssl/certs
sudo c_rehash

but I'm still getting the error

Tracker: [Peer certificate cannot be authenticated with known CA certificates]

any idea?

#4 2008-01-03 05:31:22

byte
Member
From: Düsseldorf (DE)
Registered: 2006-05-01
Posts: 2,046

Re: rtorrent error & ca certificate

Ah, well. Seems like I should spend more time reading and stop trusting random Ubuntu advice.

This should work for real now:
- Erase anything in /etc/ssl/certs from your former tries (should be empty then, I guess).
- Download https://www.geotrust.com/resources/root … s_CA-1.cer
- Put it in /etc/ssl/certs, rename it from .cer to .pem, run c_rehash.

Done. Verify with 'curl -I --capath /etc/ssl/certs https://www.waffles.fm', it shouldn't complain.


1000
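
Added example (not part of the thread and not any poster's code): why saving the server's own certificate into the hashed directory does not help, while adding the issuing root does. It assumes the openssl CLI is on PATH; the CA, the host name tracker.example and the helper names are constructed for the demo, and hash_link stands in for what c_rehash does to a single file.

```shell
#!/bin/sh
# Constructed demo: CA and server cert are generated in a temp dir (no network).

# hash_link DIR CERT: what c_rehash does for one file, <subject-hash>.0 -> CERT.
hash_link() {
    h=$(openssl x509 -noout -hash -in "$2") || return 1
    ln -sf "$(basename "$2")" "$1/$h.0"
}

# verifies CAPATH CERT: true only if openssl reports the chain as OK.
verifies() {
    openssl verify -CApath "$1" "$2" 2>&1 | grep -q ': OK$'
}

capath_demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/certs"
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Root CA, then a server certificate signed by it (hypothetical host name).
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$d/ca.key" -out "$d/ca.pem" >/dev/null 2>&1 || return 1
    openssl req -new -config "$d/ca.cnf" -subj "/CN=tracker.example" \
        -newkey rsa:2048 -nodes -keyout "$d/leaf.key" -out "$d/leaf.csr" \
        >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/leaf.pem" >/dev/null 2>&1 || return 1

    # Attempt 1: only the saved server certificate is in the hashed directory.
    cp "$d/leaf.pem" "$d/certs/" && hash_link "$d/certs" "$d/certs/leaf.pem"
    if verifies "$d/certs" "$d/leaf.pem"; then r1=trusted; else r1=untrusted; fi

    # Attempt 2: the issuing root is added and hashed as well.
    cp "$d/ca.pem" "$d/certs/" && hash_link "$d/certs" "$d/certs/ca.pem"
    if verifies "$d/certs" "$d/leaf.pem"; then r2=trusted; else r2=untrusted; fi

    rm -rf "$d"
    echo "leaf-only=$r1 with-root=$r2"
}

capath_demo
```

A client still has to be pointed at the hashed directory for this to take effect, which is what curl's --capath does in the verification command above.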

#5 2008-01-03 07:29:55

bionnaki
Member
Registered: 2006-09-05
Posts: 289

Re: rtorrent error & ca certificate

thanks.
but it's still not working.

a waffle invite for anyone who can solve this ;)

#6 2008-01-03 08:38:01

byte
Member
From: Düsseldorf (DE)
Registered: 2006-05-01
Posts: 2,046

Re: rtorrent error & ca certificate

Okay, last try.

I've installed rtorrent and had a look at the manpage.
Start it with

-o http_capath=/etc/ssl/certs

1000

#7 2008-01-03 23:24:48

bionnaki
Member
Registered: 2006-09-05
Posts: 289

Re: rtorrent error & ca certificate

well, that works - thank you very much. I'm doing "screen rtorrent -o http_capath=/etc/ssl/certs" with an alias of

alias r="screen -r"
alias rt="screen rtorrent -o http_capath=/etc/ssl/certs"

to make it easy - couldn't figure out how to do -o http_capath=/etc/ssl/certs in rtorrent.rc but that's fine.

let me know if you want that waffles invite...

#8 2008-02-17 05:26:41

yabbadabbadont
Member
Registered: 2008-01-19
Posts: 22

Re: rtorrent error & ca certificate

I don't know if it will help, but I have submitted a PKGBUILD to AUR that installs all the common root certificates as provided by the ca-certificates package in Debian (and Gentoo).  The AUR package has the same name, 'ca-certificates'.

#9 2008-02-17 23:44:07

byte
Member
From: Düsseldorf (DE)
Registered: 2006-05-01
Posts: 2,046

Re: rtorrent error & ca certificate

For reference: http://bugs.archlinux.org/task/7912

bionnaki, you also might want to edit your wiki article... adding the GeoTrust rootcert might help connecting to waffles.fm, but certainly not with every "tracker that uses https".


1000

#10 2008-07-28 03:35:07

daedalus
Member
From: Mountain View
Registered: 2007-09-28
Posts: 50
Website

Re: rtorrent error & ca certificate

In case anyone else gets this problem, you can consult this blog post for a compiled how-to: http://hokietux.net/blog/?p=9
