Midori won't open some websites because of security certificate problems

21 replies [Last post]
Ra
Ra
Offline
Joined: 07/23/2014

In the Midori FAQ this is mentioned:

Certificate Handling
Midori uses the system's ca-certificates, the exact locations depend on the distribution.
Midori >= 0.4.7 supports gcr for certificate display and management, you can click the lock in the urlbar to see detailed information. Earlier versions, or one without gcr will not handle certificates beyond the lock icon in the urlbar.

Error granting trust: Couldn't find a place to store the imported certificate
No key store is available or it's incorrectly setup. By default GNOME keyring can do this. Under Xfce it is recommended to enable “GNOME services” under “Session and Startup settings”. To make sure, that the output of “gnome-keyring –startup” is correctly sent to the environment, you can add “export `gnome-keyring-daemon –start`” to .xinitrc.

I use Trisquel Mini, so no XFCE. I didn't find the file .xinitrc in Midori folders and PCManFM won't let me do file searches. Btw, after years on L/Xubuntu and some time on Trisquel i must say that file searches in GNU/Linux systems are shockingly bad. It has almost always been impossible for me to find a file although i knew its name, at least roughly. The searches are so complicated and not at all intuitive, be it in a file manager or via command line. This is hilarious as a file search theoretically is not complicated because you know pretty much what you are looking for.

What can i do about this Midori case?

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

Btw, after years on L/Xubuntu and some time on Trisquel i must say that file searches in GNU/Linux systems are shockingly bad. It has almost always been impossible for me to find a file although i knew its name, at least roughly. The searches are so complicated and not at all intuitive, be it in a file manager or via command line. This is hilarious as a file search theoretically is not complicated because you know pretty much what you are looking for.

The command for that is find and it works perfectly fine..

Ra
Ra
Offline
Joined: 07/23/2014

I know. But i don't see why i should invest more than 10 minutes into figuring out how to really "find" that file. Man pages are generally ridicoulus. Two online pages that i read about it gave me some advice, but it was incomplete and the commands i tried didn't work - or at least didn't bring me any result.

onpon4
Offline
Joined: 05/30/2012

Use GNOME, or at least Nautilus. All you have to do in Nautilus to search is start typing.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

Well, it is not much difficult, I guess.

Example, let's say we want to find a file named "panacea.dat".

We need to give the find command the instruction where to search for it. We can search all the / or, if we know the file is in /home we can instruct it to search in /home.
So, the command will look like this:

find /home/username -iname panacea.dat

or

sudo find / -iname panacea.dat

^ see how when you want to search the entire / you need to give it superuser permission or otherwise you'll get an output full of "Permission denied" nonsense..

Now, let us consider a typical user case: we want to find a file but we are not certain about its name, usually the extension..

This is where JOLLY (*) comes very very useful :)
To continue with the example file we already mentioned, we want to find panacea.dat but we ignore the exact extension type of the given file (.dat)

the command will be:
sudo find / -iname panacea*

We may also ignore the correct name of the file all together.
Say we remember just "pana" and not the full "panacea".
Here, the jolly char comes even more useful:
sudo find / -iname pana*

cheers

tonlee
Offline
Joined: 09/08/2014

Off topic.
Supertramp, I too find navigating commands difficult. I do not blame gnulinux. I am almost always unable to read a man. Those of you who manage must be either skilled or have picked up early. About the 'find' ex, it is the '-iname'. Where did minus and 'i' come from? Much of the time to me it is like restarting when I face a new command or problem. I cannot figure the basic syntax, if there is any. Fx I wanted to use 'tcplay' by its commands. I did not get further than mounting a container.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

Hi tonlee!
I see what you say. I started with computers when I was very young. My first pc was a 386 laptop when I was 10 or 11. I have used DOS 3.1, win 95, 98 , me, xp and winzozz 7. Vista I skipped (didn't use computers during several years during the "vista period"). I switched to GNUX 2 years ago and ever since I have been reading and playing a lot, but I wouldn't define myself as "skilled". I guess computers (no matter what OS) require some logic, nothing special.. and I do realize that most people don't have it and it takes them a lot to learn but I really believe that EVERYBODY can learn (and should learn) few CLI commands. I really reckon that learning the essential CLI commands is not only beneficial to everybody's computing but also vitally necessary.
If you know how to read you can learn!!
I can recommend you an excellent pdf -> http://en.flossmanuals.net/_booki/command-line/command-line.pdf

And here is a useful wallpaper that can help you too -> http://vagubunt.files.wordpress.com/2010/11/cli_rehashed_by_doom-d2yf3nv.jpg

cheers

Faalentijn
Offline
Joined: 10/02/2015

On 01/10, name at domain wrote:
> I know. But i don't see why i should invest more than 10 minutes into
> figuring out how to really "find" that file. Man pages are generally
> ridicoulus. Two online pages that i read about it gave me some advice, but
> it was incomplete and the commands i tried didn't work - or at least didn't
> bring me any result.
You might be looking for locate(1) command which is a much faster and
simpler alternative to find. I find it much easier to use for just
locating files however for more difficult things I do tend to use find
(because of the -exec option).

You just use it by typing: "locate foo bar baz" and it will find all
instances of files named foo, bar or baz.
--
I am not afraid of tomorrow, for I have seen yesterday and I love today.
-- William Allen White

lembas
Offline
Joined: 05/13/2010

I too like locate (when the file I'm looking for isn't brand spanking new).

"Unlike other tools like find(1), locate uses a previously created database to perform the search, allowing queries to execute much faster. This database is updated periodically from cron." (by default daily)

May I suggest the mlocate package instead of the locate package.

"mlocate instead of re-reading all the contents of all directories each time the database is updated keeps timestamp information in its database and can know if the contents of a directory changed without reading them again. This makes updates much faster and less demanding on the hard drive."

pehjota
Offline
Joined: 02/08/2013

If you mean that you get the error "SSL handshake failed" when connecting to sites that use CloudFlare, this is a bug in older versions of the glib-networking package, not a certificates problem. The solution is for Trisquel to add a package helper to pull in a newer glib-networking package (and possibly some dependencies) from upstream.

Ra
Ra
Offline
Joined: 07/23/2014

Coming back to the original problem: At some websites i get the message already quoted in the Midori FAQ:
Error granting trust: Couldn't find a place to store the imported certificate
pkcs11:library-description=PKCS%2311%20Kit%20Trust%20Module

As the FAQ says it could have to do with file .xinitrc i was looking for that file. Anyone knows where it is?
When i try to search with the command locate i get: Command not found. How come?

lembas
Offline
Joined: 05/13/2010

It's in your home folder, if you happen to have one. Do you have the mlocate package installed?

moxalt
Offline
Joined: 06/19/2015

> It's in your home folder, if you happen to have one.

Only if he doesn't use a login manager, and uses startx instead. Even then, the
system could just be using the system xinitrc in /etc/X11.

I must admit I am slightly puzzled as to what Midori should ever have to do
with an .xinitrc file. What does Midori storing security certificates have to
do with the user-specific X session startup file? It seems very fishy to me.

Ra
Ra
Offline
Joined: 07/23/2014

I now can use locate. But the file .xinitrc is nowhere. I was looking for it because of this hint in the Midori FAQ:

Error granting trust: Couldn't find a place to store the imported certificate
No key store is available or it's incorrectly setup. By default GNOME keyring can do this. Under Xfce it is recommended to enable “GNOME services” under “Session and Startup settings”. To make sure, that the output of “gnome-keyring –startup” is correctly sent to the environment, you can add “export `gnome-keyring-daemon –start`” to .xinitrc.

Again, the message i get at some webpages is:
Error granting trust: Couldn't find a place to store the imported certificate
pkcs11:library-description=PKCS%2311%20Kit%20Trust%20Module

I guess i have to file a bug report.

lembas
Offline
Joined: 05/13/2010

It probably doesn't exist. But you can create one if you wish. Just edit a file with that name (~/.xinitrc) and save it. Make sure you have the gnome-keyring package installed.

I agree it makes sense to file. You can include in the bug whether making this file as suggested helps.

Ra
Ra
Offline
Joined: 07/23/2014

I found the package libp11-kit-gnome-keyring in Synaptic and it helped. Now i can access sites i couldn't. But when i enable Javascript on those sites, they disappear and the message is:
pkcs11:library-manufacturer=GNOME%20Keyring , pkcs11:library-description=PKCS%2311%20Kit%20Trust%20Module
This also happens at Trisquel wiki pages.
Earlier, when i tried several times in a row, a Trisquel wiki page was displayed in the end. I have the impression that Midori is not very reliable. Often i have to do things twice to make them happen. Sometimes it seems like there is a problem but when i enter the same address again, it works. The same goes for auto-completion. Sometimes the browser doesn't offer me anything when typing an url, and sometimes a huge list appears immediately.

I have also created the file .xinitrc. It's in my home folder, but it doesn't seem to help. Should it be somewhere else?

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

Last time I used it (a year ago) Midori was incredibly buggy. Lightweight and fast but full of bugs.

Ra
Ra
Offline
Joined: 07/23/2014

Yes,i will change my browser. Which lightweight one is good? I've had a look at Dooble and XXXTerm and also at Qupzilla, but i haven't tried any of them out.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

I have always used mozilla ff based browsers due to its amazing (the few I use) addons. I have used briefly dillo, which is veeeery fast and lightweight. Maybe give that one a try too.

p.s - to enable SSL -> http://www.dillo.org/FAQ.html#q12

onpon4
Offline
Joined: 05/30/2012

I haven't found Midori to be "buggy". The only reason I wouldn't be likely to switch to it is some Firefox extensions I like having with no equivalents in Midori (namely UnPlug, HTTPS Everywhere, and now the Random Agent Spoofer), and the fact that user scripts don't work when normal JavaScript is disabled (which prevents me from using ViewTube and LinkTube).

Honestly, if Midori just fixed the user scripts problem, it wouldn't take much for me to switch to it. Midori is a great browser, easily my second choice after Firefox-based browsers.

manadalibre
Offline
Joined: 11/21/2011

Hi,
A simple form for jump the BUG is click in navigation bar an enter...

Ra
Ra
Offline
Joined: 07/23/2014

I am not sure whether i understand you. If you mean refreshing the page - no, that doesn't work.