December 10, 2021, 5:46pm
Hi everyone! I installed Fedora 35 on my laptop a few days ago and the experience has been fantastic overall. However, I’ve ran into a problem while trying to add my online accounts. When I sign in with my Google or Microsoft account, the message “Unacceptable TLS certificate” appears. I have been trying to find a way to fix it but I haven’t found anything. I did a little bit of research and I reinstalled ca-certificates but it didn’t solve the problem.
These are the threads I found about this problem:
I’m kind of a new Linux user so this may be really easy to solve. Anyway, any help would be really appreciated. Thank you!
December 10, 2021, 6:23pm
This could be a sign that you are behind a proxy.
Or your traffic is filtered and redirected somewhere upstream.
To isolate the issue, try enabling DoT and using a VPN.
December 10, 2021, 7:10pm
Thanks for trying to help me! I’ve followed your instructions and the issue persists.
December 10, 2021, 7:32pm
What time is it?
Really. One reason could be a wrong date/time on your computer.
December 10, 2021, 7:40pm
I’ve just double-checked the settings, date and time are correct.
December 10, 2021, 7:54pm
Could you run this command?
echo | gnutls-cli -d 1 accounts.google.com -p 443 | fpaste
(It performs a connection to
accounts.google.com then will paste the output to a pastebin service). Just to check if the problem is somewhat system wide or limited to GNOME Online Accounts.
December 10, 2021, 8:16pm
December 10, 2021, 8:41pm
The result is ok.
G_TLS_CERTIFICATE_GENERIC_ERROR/"Unacceptable TLS certificate" for https://account.live.com certificate (#180) · Issues · GNOME / glib-networking · GitLab and other tickets there.
It’s not clear to me what is the point. It seems related to
Btw GNOME Online Accounts works on my system.
Does your system is fully updated?
What is the version of
glib-networking on your system?
rpm -q glib-networking
December 10, 2021, 9:03pm
I have everything up to date with GNOME Software. I ran into this issue just after the first boot, with a clean installation, which seems really weird to me.
December 10, 2021, 9:17pm
By the way, I also have a problem with GNOME extensions. I have the browser extension and
chrome-gnome-shell installed but the page says that native host connector is not detected. I don’t know if these two issues can be related in any way. If not, I plan to elaborate on that issue in another thread.
December 11, 2021, 5:29am
I agree that it is weird.
Try to lower the crypto policy
sudo update-crypto-policies --set LEGACY
December 11, 2021, 5:52am
Out of curiosity, how did you do it?
December 11, 2021, 12:42pm
It worked! Thank you so much!!!
I’ve connected my Google and Microsoft accounts and it works perfectly.
sudo dnf reinstall ca-certificates, I don’t know if that’s the right way to do it.
December 11, 2021, 2:48pm
I was wondering why it wasn’t working and abandoned trying some time ago. But thanks for the fix.
Would this impact on security if we set this policy to legacy?
December 11, 2021, 3:17pm
No. As far as I know, it simply allow to accept keys and certificates (i.e. for ssh and https) that are still using older (and sometimes deprecated) encryption algorithms.
The weird thing however is that GNOME Online Accounts works for me without setting such crypto policy to legacy.