Hi,

I'm using several servers for things like xmpp, mail (imap, pop3, smtp) and http that use CACert-issued certificates for SSL/TLS. Some of them are community-run, some are run by friends and some by myself. One major example would be Gentoo's bugtracker, https://bugs.gentoo.org.

Anyway, I can't for the life of me figure out how to make KDE 4 accept those server certificates. I have been clicking around in the configuration dialogs for Konqueror and Kmail and in the System Settings for a while now, and I haven't found anything that looks like it has anything to do with SSL configuration.

Clicking on the certificate files in the file browser will import them into Kleopatra... and I'm still not certain what that actually does.
(I guess it probably has something to doe with S/MIME certs, which are X.509, too, just like SSL-certificates, but this is anything but clear from this confusing interface...)

Anyway, does anybody here have an idea how to import new root SSL root-certificates into KDE 4? (And preferrably CRLs as well.)

This whole thing is a bit of an issue for me, since SSL connections where the server certificate isn't checked properly are really not secure at all.
(Think man-in-the-middle attacks)

Unfortunately a major problem still remaining with KDE 4 is the handling of certificates. At this time it is not possible to add any to the Keyring used by Qt.

bcooksley wrote:Unfortunately a major problem still remaining with KDE 4 is the handling of certificates. At this time it is not possible to add any to the Keyring used by Qt.

Hm, that's pretty bad.

Is there a manual way to work around this? Where does Qt keep its keyring?

I do not know where Qt keeps its keyring unfortunately. It is likely compiled into QtNetwork or stored somewhere under /usr