keybase service certificate errors

[karux]

My keybase client (macOs Version 1.0.39-20180122031025+5e5798149 (1.0.39-20180122031025+5e5798149) is making calls to the following keybase.io servers over HTTPS, and my firewall is blocking due to an invalid certificate chain:

• mdserver.kbfs.keybase.io
• bserver.kbfs.keybase.io

CURL notes the same issue: curl -X GET -v https://mdserver.kbfs.keybase.io

• Rebuilt URL to: https://mdserver.kbfs.keybase.io/
• Trying 52.55.102.89...
• Connected to mdserver.kbfs.keybase.io (52.55.102.89) port 443 (#0)
• SSL certificate problem: Invalid certificate chain
• Closing connection 0 curl: (60) SSL certificate problem: Invalid certificate chain More details here: http://curl.haxx.se/docs/sslcerts.html

Why is Keybase using a certificate NOT signed by a known and trusted certificate authority?

If Keybase wants to self-sign their cert, what ROOT certificate should I import?

[maxtaco]

See here

[espoelstra]

You could add the certificates to the login or System keychain and set them to Always Trust if you want things to be happier (not sure if that applies to your firewall, but it if trusts the keychain it should). See also this script for easily grabbing from a server and pushing into the keychain. https://gist.github.com/Artistan/5219484efb2fe51cd064175b3d0d5971