A server's SSL certificate is signed by StartSSL. KDE (more accurate Akonadi/DAV) complains about it: "The server failed the authenticity check (…). The certificate is not signed by any trusted certificate authority". When I click "Details", it tells me the server's certificate is trusted ("Trusted: Yes"). When I select the root certificate of the chain (CN=StartCom Certification Authority), I see that it is actually *not* trusted ("Trusted: NO, there were errors: The certificate is not signed by any trusted certificate authority"). It says the SHA1 digest is 3e2bf7f2031b96f38ce6c4d8a85d3e2d58476a0f. This certificate is among the system certificates: $ certtool -i < /etc/ssl/certs/ca-certificates.crt 2>/dev/null | grep 3e2bf7f2031b96f38ce6c4d8a85d3e2d58476a0f 3e2bf7f2031b96f38ce6c4d8a85d3e2d58476a0f I see two problems here: 1) KDE says in the error details that it trusts the server certificate, when it should actually say that it was not issued by a trusted authority. 2) KDE distrusts the certificate authority for no apparent reason. Reproducible: Always
When I remove the root certificate from the chain, something even less expected happens: KDE considers the intermediate certificate untrusted ("Trusted: NO, there were errors: The certificate authority's certificate is invalid, The root certificate authority's certificate is not trusted for this purpose"). The SHA1 digest of that certificate is f691fc87efb3135354225a10e127e911d1c7f8cf. It was signed by a3f1333fe242bfcfc5d14e8f394298406810d1a0 and 3e2bf7f2031b96f38ce6c4d8a85d3e2d58476a0f's private key, which are both system certificates in /etc/ssl/certs/ca-certificates.crt.
I am using version 4:4.13.3-0ubuntu0.1 of the Ubuntu 14.04 libkio5 package.
Happens with KDE 4.14.3 on Gentoo as well. This prevents me from using my ownCloud CardDAV resource with Akonadi.
Same symptoms with plasma 5 workspace on Arch. This is very annoying.
Thank you for the bug report. As this report hasn't seen any changes in 5 years or more, we ask if you can please confirm that the issue still persists. If this bug is no longer persisting or relevant please change the status to resolved.
Can you re-try this with Plasma 6? Thanks!
🐛🧹 ⚠️ This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information, then set the bug status to REPORTED. If there is no change for at least 30 days, it will be automatically closed as RESOLVED WORKSFORME. For more information about our bug triaging procedures, please read https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging. Thank you for helping us make KDE software even better for everyone!