Certificate problems on new Jolla
asked 2015-10-23 18:16:06 +0300
I have a new Jolla and have problems connecting to the Jolla store and to my mailserver. Both problems are probably somehow related to the installed certificates: I have installed a new certificate for my calendar server into /etc/pki/ca-trust/source/anchors and ran update-ca-trust, and probably at that time both Jolla store app and the mailserver stopped working.
The Jolla store says the following in journal:
Oct 23 16:59:23 Jolla [25847]: [D] onError:374 - Jolla account sign-in error: 7
The account could not be set up due to an SSL authentication error. Make sure th
e system date and time are correct in Settings | System | Time and date.
Of course, the system date is OK.
The messageserver log set up as described here: https://together.jolla.com/question/46259/native-email-app-check-certificate-message/ contains the following:
[1094] Oct 23 16:51:47 [Debug] Messaging : Opening connection - "anxur.fi.muni.cz" : 993 SSL
[1094] Oct 23 16:51:47 [Debug] Messaging : IMAP : connection established
[1094] Oct 23 16:51:47 [Warning] Encrypted connect warnings: "'The root certificate of the certificate chain is self-signed, and untrusted'"
(yes, this is the real FQDN).I have tried the following:
openssl s_client -connect store-api.jolla.com:443
openssl s_client -connect anxur.fi.muni.cz:993
and both commands ended with "Verify return code: 0 (ok)". So I suppose I have all the certificates installed correctly at least for openssl. Could it be that both the Jolla store and messageserver use another certificate store, which can be damaged by update-ca-trust?
I have verified that I have both root anchors (DigiCert Global Root CA for store-api.jolla.com, and DigiCert Assured ID Root CA for anxur.fi.muni.cz) are installed in /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt.
What can be wrong and how can I fix it? Thanks and sorry for the Jolla newbie question.
