Root Certs Update | webOS Nation
 
 

Root Certs Update 0

by frantid Fri, 30 Oct 2015 10:12 am EDT
Category: 
Last Updated: 
2015-10-26
Current Version: 
1.0-2
Requires Root: 
No
Developer: 
frantid
Distribution: 
Available via Repository
Total Downloads: 
225
No votes yet

Description

 This is mainly maintenance, but does remove 6 or 7 expired certs from the root certs installed on the various webOS devices.  It should work on everything. Should not require a reboot, but it might if the file indexer doesn't notice right away.  

I got the original roots off the emulator. Removed the expired certs. Then added certs via:

https://www.linuxfromscratch.org/blfs/view/svn/postlfs/cacerts.html

which gets it's certs from mozilla
https://hg.mozilla.org/releases/mozilla-release/file/default/security/nss/lib/ckfw/builtins/certdata.txt

It won't remove expired certs from the certificate manager app.  I encourage everyone to go through their installed certs, check details and the expired dates. Delete the expired ones.

This is especially important for those testing the new openssl that have any old expired certs, like hotmail.com installed.  From the openssl.org pages:

"If several CA certificates matching the name, key identifier, and serial number condition are available, only the first one will be examined. This may lead to unexpected results if the same CA certificate is available with different expiration dates. If a "certificate expired" verification error occurs, no other certificate will be searched. Make sure to not have expired certificates mixed with valid ones."

On 1.4.5 devices it runs really quickly, since it only copies 2 files.

On 2.x and 3.x it takes a couple of minutes as it has to go through all the certs and links in /var/ssl/certs; /var/ssl/trustedcerts; /etc/ssl/certs/trustedcerts

for those interested the scripts are posted on github:
https://github.com/frantid/webos-openssl-0.9.8zg/tree/master/rootcerts

License

GPL v2 Open Source - Learn More

Availability

Free forever

Download options

Please Register or Login to download this file

Discussion, Changelog, and Support

Discuss this app, get support, and read the changelog for Root Certs Update in the Official Forum thread