Refreshing Certificate on Linux

I think it’s important to say that this application works resoundingly well on Ubuntu, and that the only issues end up revolving around SSL certificates and Google Chrome specifically is pretty impressive. It is an incredibly useful tool, I love using it, and thank you for supporting Linux.

That being said it is pretty easy, and pretty common, for Linux users’ SSL certificate state to become corrupted. I’ve seen this happen because Chrome ships a new update, because I changed the site name, or just because something related to certificate trust levels is changed.

I currently am in a situation where I changed the site name, Chrome no longer accepts SSL certificate, Firefox does – so I locate SSL certificate location in logs, delete, reopen Local, Local regenerates certificates, but thinks the new certificate is trusted (or is unaware the state has changed), and now Chrome throws ERR_CERT_AUTHORITY_INVALID as this is a brand new, automatically generated, not-yet-trusted certificate but the GUI does not know this.

The easiest way to solve this holistically is to add a user flow for removing (and automatically untrusting) the old certificate, generating a new one, and trusting it again (a “certificate refresh” flow).

From a comment I left a member of the FlyWheel team:

You need to make it easier to delete the certificates, refresh them, and re-trust them. That is it. Linux users are able to solve these problems themselves if we are given the tools to take the actions we need.

Hunting through logs to find the cert location, deleting it, and then having to manually locate the cert again and re-trust it because the GUI element that lets you trust a certificate thinks it is trusted when it is not, is unfortunately not very sustainable.

It should be possible for a user to untrust, disable, remove, and then regenerate and re-trust certificates. That way you aren’t talking about “how do we prevent errors in Linux” (not happening), you’re talking about “how can we make it easy for users to ‘refresh’ this state and fix the problem themselves.”

Update: After manually trusting the automatically generated certificate, browsers declare it invalid.

Issuer certificate is invalid.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: false

Certificate chain:

-----BEGIN CERTIFICATE-----
MIIEbzCCA1egAwIBAgIJHT5XqftDV7HrMA0GCSqGSIb3DQEBCwUAMIGWMRswGQYD
VQQDExJtcm1hc3NldXJkZXYubG9jYWwxCzAJBgNVBAYTAlhYMQswCQYDVQQIEwJY
WDEWMBQGA1UEBxMNRmFrZSBMb2NhbGl0eTEiMCAGA1UEChMZU3VwZXIgRmFrZSBD
b21wYW55LCBGYWtlLjEhMB8GA1UECxMYRmFrZSBPcmdhbml6YXRpb25hbCBVbml0
MB4XDTIwMDkzMDE4MzkwNloXDTMwMDkzMDE4MzkwNlowgZYxGzAZBgNVBAMTEm1y
bWFzc2V1cmRldi5sb2NhbDELMAkGA1UEBhMCWFgxCzAJBgNVBAgTAlhYMRYwFAYD
VQQHEw1GYWtlIExvY2FsaXR5MSIwIAYDVQQKExlTdXBlciBGYWtlIENvbXBhbnks
IEZha2UuMSEwHwYDVQQLExhGYWtlIE9yZ2FuaXphdGlvbmFsIFVuaXQwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoAN+GPMNL3rq65KtAUHKZdOEN7tUd
+8m3QSJZsHi+99sLgAQ4jFPnSELzCWT/KqaTTBu2wUb2dcwmBigag7mDJm++h17c
b7gBO2j0L+r5WVVKOn6/Csvfe/0oCuJkulcxXmD+6X2cxti+Ebgu9p/PGJGIKazd
6ddNgDIKxUY+/fCjQIck6JHB0NdDlDZoIKcEIo4y0hnw7udT7Z90n2IZqwk+/HsI
rjFvJP65phreYKVg+kVjNhm18qF6kLJPqd6aNYVYuigtgM1P68Ffnps8/Eyw4/kk
8uQdZMHFJnEJD3RzExqeh1R0c0xWu1nuyT2z+ZGy+pWHrUEMxApGzJVfAgMBAAGj
gb0wgbowCQYDVR0TBAIwADALBgNVHQ8EBAMCAvQwOwYDVR0lBDQwMgYIKwYBBQUH
AwEGCCsGAQUFBwMCBggrBgEFBQcDAwYIKwYBBQUHAwQGCCsGAQUFBwMIMBEGCWCG
SAGG+EIBAQQEAwIA9zAdBgNVHQ4EFgQUM+JudznsP6qYa9oPrsn/2/vOKJowMQYD
VR0RBCowKIISbXJtYXNzZXVyZGV2LmxvY2FsghJtcm1hc3NldXJkZXYubG9jYWww
DQYJKoZIhvcNAQELBQADggEBALc5u3pwvw1/Q9XW71EV9IkXtBLKHHkIfFPhXhBt
903GzjKXGKmFFUC/1yH2+OQNlQ1my4LdfC0pUv/tP08EJjkKG6ZMTk+rfpz+ZoOk
IFDv94KRaprIcd0MpHySAwvAkTxvgPoKXTFxajknjq1X3XPK9NWEvdbWkmihUZsp
UTj7mJP1TFQh8GZYmmQW+CYy6y4BPYN8Bh5Ia+CAUg1o/aGxQK1bfhS0V3k3LRmG
BkDCo/QcV2lmwgiE528FUNuYGcCQV+hvc/WmJ6rvaMmItqHnW7JXUQ7nmpD7AKbT
8s9Z7I1BNjbOmDQXga+OSvoYfEAAGLrGu5JN3R1uMVz5xrA=
-----END CERTIFICATE-----

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.