KB 2762: HOW TO ADD AN AUTHORITY CERTIFICATE TO THE SYSTEM STORE USED BY THE OLFEO V6.2 SOLUTION

Published December 20, 2023

Remove the browser notification that the web certificate issuer is untrusted and that it is not possible to continue the connection.

SYMPTOMS

 

As soon as you activate SSL decryption on your web security gateway, you transfer SSL security to the gateway client. In other words, your certificate stores and SSL configurations will no longer be directly involved in handshakes with websites.

The Olfeo solution currently relies on the Debian system store. Occasionally, if the system store doesn't have a certificate present in a chain, you'll see a browser notification telling you that the web certificate issuer is untrusted and we can't proceed with the connection.

 

 

Example: Connection via Firefox and Olfeo to a site presenting us with a server-type certificate from an unknown authority.

STEPS

Here are the steps to follow to solve this problem:

  • Recover and analyze missing certificates on the Internet.
  • Deposit the missing certificate(s) in the Olfeo system. (Please note that the format must be .crt)
  • Import the Olfeo certificate into the system store. Deposit the document in scp (via PuTTY from a Windows workstation) on the Olfeo Copy the deposited certificate into the :

/certs/ : cp file.crt /etc/ssl/certs/

  • Import the Olfeo certificate into the system store. Invoke the :

update-ca-certificates

  • The result should be as follows:Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done.
    Running hooks in /etc/ca-certificates/update.d...
    done.

 

Then all you have to do is try again to connect to the site.