Adding root CA certificates to KDE on Debian

I've been trying to get kaddressbook working with the company LDAP server. The LDAP server is accessed over SSL using the standard LDAP SSL port 636.

All I would get is a dialog saying

Could not connect to host ldaps://cn%3d' [rest of URL omitted].

This turned out to be a certificate problem. LDAP is fussy. Certificates must be present, and must work correctly.

So first I added the company root CA certificate to the collection of Debian roots. I created a company subdirectory in /usr/share/ca-certificates, copied the company CA root certificate into that subdirectory, ran

# dpkg-reconfigure ca-certificates

and marked the company CA root certificate as activated.

Today in preference I would just add the certificate to /usr/local/share/ca-certificates and run update-ca-certificates. All certificates in that directory are activated.

Unfortunately KDE 4 keeps its own set of root certificates. I followed the advice of Rene Mayrhofer and replaced the KDE root CA file with a link to the Debian one. The combination of adding the company root CA to the Debian list and the KDE list gets kaddressbook working.

# dpkg-divert --local --rename --add /usr/share/kde4/apps/kssl/ca-bundle.crt
# ln -s /etc/ssl/certs/ca-certificates.crt /usr/share/kde4/apps/kssl/ca-bundle.crt
addingkdecaroots.txt · Last modified: 2013/03/11 15:29 by jim = chi`s home Creative Commons License Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0