moxie0 / Convergence

An agile, distributed, and secure alternative to the Certificate Authority system.
http://convergence.io

Be able to add exceptions of websites #108

Closed etu closed 12 years ago

etu commented 12 years ago

My problem: My bank has its own CA, and uses that CA with client certificates to authorize the first part of the login.

With Convergence enabled, I fail to log in because of this custom CA and because the notaries don't look at their CA and can't authorize the client cert correctly.

And I'm pretty sure that I'm not the only one who has problems with their bank in some way like this...

My suggested solution: To be able to list domains where you don't want to run Convergence to auth the website. Wildcards on the domain name would be sufficient, like "*mybank.com" or something.

ewanm89 commented 12 years ago

It's not the custom CA; Convergence does not care who the CA is or even whether there is one. It's the fact you need to send a client certificate.

This therefore is a duplicate of #68.

etu commented 12 years ago

They do have their custom CA, which I have to add for the logon to the bank to work.

ewanm89 commented 12 years ago

I never said you didn't; I said it didn't matter to Convergence, just as Convergence can validate self-signed certificates too. With the only notary mode currently implemented, as long as the notaries can connect to the server and get a copy of the certificate, we can use them to verify it. By the way, there is a way to add a site certificate to the local cache manually and, for all intents and purposes, make an exception for it, but the issue you are having is the fact that we don't support sending the client certificate at the moment, not that we can't verify the server certificate.
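
A simplified model of the check described in the comment above, added here as an illustration; it is not code from this thread or from the Convergence project. The `Notary` class, the `verify` function, the SHA-256 fingerprint, the all-notaries threshold and the sample byte strings are assumptions made for the sketch.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """Hex digest of the raw certificate bytes (hash choice is an assumption)."""
    return hashlib.sha256(cert_der).hexdigest()

class Notary:
    """Simulated notary: 'view' maps (host, port) to the cert seen from its vantage point."""
    def __init__(self, view):
        self.view = view

    def observe(self, host, port):
        cert = self.view.get((host, port))    # None models "could not connect"
        return fingerprint(cert) if cert is not None else None

def verify(host, port, presented_der, notaries, local_cache, threshold):
    """Return 'cache', 'notaries' or 'rejected'. No CA chain is consulted anywhere."""
    seen = fingerprint(presented_der)
    if local_cache.get((host, port)) == seen:
        return "cache"                        # manual exception or earlier success
    agree = sum(1 for n in notaries if n.observe(host, port) == seen)
    if agree >= threshold:
        local_cache[(host, port)] = seen      # remember the verified fingerprint
        return "notaries"
    return "rejected"

# Constructed sample data: opaque byte strings stand in for DER certificates.
BANK_CERT = b"constructed: cert issued by the bank's private CA"
MITM_CERT = b"constructed: cert substituted on the client's network path"
INTRANET_CERT = b"constructed: cert of a host the notaries cannot reach"

def demo():
    site, intranet = ("bank.example", 443), ("intranet.example", 443)
    notaries = [Notary({site: BANK_CERT}) for _ in range(3)]
    cache = {}
    results = [
        verify(*site, BANK_CERT, notaries, cache, threshold=3),          # issuer is irrelevant
        verify(*site, MITM_CERT, notaries, cache, threshold=3),          # notaries saw another cert
        verify(*intranet, INTRANET_CERT, notaries, cache, threshold=3),  # notaries cannot connect
    ]
    cache[intranet] = fingerprint(INTRANET_CERT)                         # manual local-cache entry
    results.append(verify(*intranet, INTRANET_CERT, notaries, cache, threshold=3))
    results.append(verify(*site, BANK_CERT, [], cache, threshold=3))     # cached by the first call
    return results

if __name__ == "__main__":
    print(demo())
```

The model covers server-certificate verification only; it does not represent the client-certificate handshake that the thread identifies as the unsupported part.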

moxie0 commented 12 years ago

Closing this as a duplicate of #68