|
Size: 433
Comment: half-done directions
|
Size: 3408
Comment: bypass hacks
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 3: | Line 3: |
| == Visiting QQC! for the first time == * https://qqc.meidokon.net/ QQC! makes use of SSL for security. The theory is beyond the scope of this document, but SSL was designed to provide guarantees of: i. identity - that you're communicating with who you think you're communicating with i. confidentiality - ensuring that your information is not stolen or viewed while in transit Nowadays noone cares much about identity. It's too technical to explain to most people, but that's what your browser will complain about - it can't confirm QQC!'s identity: * [[attachment:firefox_whine.png| Firefox complaining]] * [[attachment:ie_whine.png| IE complaining]] === Fixing this properly === For a website using SSL, the identity of the website is assured by a Certificate Authority (CA). The website-owner usually pays the CA some money, and then the CA issues the SSL certificate. In our case, CAcert assures our identity for QQC. The correct fix is then to tell your browser that you trust CAcert, who in turn assures QQC!. ==== Firefox ==== 1. Visit CAcert: http://www.cacert.org/ 1. Follow the link to their Root Certificate, in the right-hand sidebar 1. Follow the link to the ''Root Certificate (PEM Format)'' under the ''Class 1 PKI Key'' section <<BR>> {{attachment:cacert_class1_pki.png}} 1. You'll get a popup asking you to accept the certificate <<BR>> {{attachment:cacert_identify_sites.png}} i. You should click the View button to show the details of the certificate i. Visually verify the SHA1 and MD5 Fingerprints on the certificate against the details on the webpage i. Close the viewing window once you're done 1. Tick the box labelled ''Trust this CA to identify web sites'' * You can tick the boxes for ''Email users'' and ''Software developers'' if you like 1. Click OK 1. You're done. You can [[https://qqc.meidokon.net/| visit QQC!]] if you want, but there's not much to do until you have your browser certificate installed === Dodgy fix === You can just ignore the error, it's benign. ==== Firefox ==== 1. When Firefox complains, click ''I Understand the Risks'', and another block of warning text will appear 1. Click the ''Add Exception'' button 1. Click the ''Get Certificate'' button 1. Uncheck the ''Permanently store this exception'' tickbox if you want to be hassled next time 1. Click the ''Confirm Security Exception'' button ==== Internet Explorer ==== 1. Click ''Continue to this website'' |
|
| Line 4: | Line 46: |
| Line 8: | Line 49: |
| 1. Find the Advanced tab, then the View Certificates buttong: <<BR>> {{attachment:advanced_tab.jpg}} 1. Click the Import button |
1. Find the Advanced tab, then the View Certificates button: <<BR>> {{attachment:advanced_tab.jpg}} 1. The first tab should already be selected, it's for Your Certificates 1. Click the Import button <<BR>> {{attachment:import_button.jpg}} 1. Find your cert in the standard dialogue box and open it 1. You'll be asked for a password <<BR>> {{attachment:password_entry.jpg}} 1. The password is blank, so just click OK 1. You should see a message indicating success <<BR>> {{attachment:success.jpg}} 1. You're done, now try to visit a QQC! page, eg. https://qqc.meidokon.net/Quartett/qqc_report.py |
QQC!
Visiting QQC! for the first time
QQC! makes use of SSL for security. The theory is beyond the scope of this document, but SSL was designed to provide guarantees of:
- identity - that you're communicating with who you think you're communicating with
- confidentiality - ensuring that your information is not stolen or viewed while in transit
Nowadays noone cares much about identity. It's too technical to explain to most people, but that's what your browser will complain about - it can't confirm QQC!'s identity:
Fixing this properly
For a website using SSL, the identity of the website is assured by a Certificate Authority (CA). The website-owner usually pays the CA some money, and then the CA issues the SSL certificate. In our case, CAcert assures our identity for QQC. The correct fix is then to tell your browser that you trust CAcert, who in turn assures QQC!.
Firefox
Visit CAcert: http://www.cacert.org/
- Follow the link to their Root Certificate, in the right-hand sidebar
Follow the link to the Root Certificate (PEM Format) under the Class 1 PKI Key section
You'll get a popup asking you to accept the certificate
- You should click the View button to show the details of the certificate
- Visually verify the SHA1 and MD5 Fingerprints on the certificate against the details on the webpage
- Close the viewing window once you're done
Tick the box labelled Trust this CA to identify web sites
You can tick the boxes for Email users and Software developers if you like
- Click OK
You're done. You can visit QQC! if you want, but there's not much to do until you have your browser certificate installed
Dodgy fix
You can just ignore the error, it's benign.
Firefox
When Firefox complains, click I Understand the Risks, and another block of warning text will appear
Click the Add Exception button
Click the Get Certificate button
Uncheck the Permanently store this exception tickbox if you want to be hassled next time
Click the Confirm Security Exception button
Internet Explorer
Click Continue to this website
Installing your certificate into your browser
Get your certificate file, it should look something like this:
- Importing into Firefox
Open your Options (on linux this is in the Edit menu):
Find the Advanced tab, then the View Certificates button:
- The first tab should already be selected, it's for Your Certificates
Click the Import button
- Find your cert in the standard dialogue box and open it
You'll be asked for a password
- The password is blank, so just click OK
You should see a message indicating success
You're done, now try to visit a QQC! page, eg. https://qqc.meidokon.net/Quartett/qqc_report.py