How to trust new certificate authority?

bradpitcher · October 26, 2023, 7:51pm

Has anyone been able to successfully trust an additional certificate authority in FAR? I’m trying to use mitmproxy, but can’t figure out how to get the system to trust the CA certificate it generated. I tried to follow the Fedora documentation but it’s not working. I had this working fine in Arch Linux. Actually, I’m starting to wonder if there is an OpenSSL bug in FAR because when I try to make the request over curl I get an OpenSSL exception

* CONNECT phase completed
* CONNECT tunnel established, response 200
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, decrypt error (563):
* OpenSSL/3.0.9: error:0200008A:rsa routines::invalid padding
* Closing connection 0
curl: (35) OpenSSL/3.0.9: error:0200008A:rsa routines::invalid padding

Anyone have any luck with this?

vgaetera · October 26, 2023, 9:44pm

bradpitcher · October 26, 2023, 11:05pm

Welp, it seems that my mitmproxy CA cert somehow got corrupted. I replaced the cert (at ~/.mitmproxy/mitmproxy-ca.pem) with a new one and now everything is working beautifully

Topic		Replies	Views
Installing root ca Ask Fedora ca-certificate , curl	4	421	October 27, 2024
Problem with firefox and easy-rsa root certificate not working Ask Fedora firefox , server , easy-rsa	6	184	August 20, 2024
How to distrust some root certificates? Ask Fedora f38	14	864	November 19, 2023
Recommended way of adding CA Certificates? Project Discussion coreos-wg	4	6896	March 4, 2020
Cannot connect to IKEv2 VPN on Fedora 33 - No trusted RSA public key found Ask Fedora f33 , vpn , networking , gnome	34	6425	November 5, 2024

How to trust new certificate authority?

Related topics