The various Certificate Trust Test Cases require some preparation.
Install this software:
$ sudo yum install gnutls-utils nss-tools openssl firefox epiphany java-1.7.0-openjdk-devel wget
Make sure the following software is at least these versions:
- p11-kit: 0.17.4
- p11-kit-trust: 0.17.4
- ca-certficates: 2012.87-10
- nss: 3.14.3-10
$ sudo yum update p11-kit p11-kit-trust ca-certificates nss
Ensure you have sudo permission
Because we are configuring the default system behaviour, the user account that you will use for testing needs permission to use the sudo command. You can test using
If it works, good. If not, you must login to your system as the root user, edit file /etc/sudoers and add the following line. Replace the word myself with the name of your user account.
myself ALL=(ALL) ALL
Test Fixture Files
Download a few files and tools that we'll use later:
$ mkdir -p ~/certificate-trust-test-cases $ cd ~/certificate-trust-test-cases $ wget https://fedoraproject.org/w/uploads/b/b1/Cert-trust-test-ca.pem \ https://fedoraproject.org/w/uploads/1/1e/EquifaxSecureCertificateAuthority.pem \ https://fedoraproject.org/w/uploads/2/29/Distrust-intermediate-by-serial.p11-kit \ https://fedoraproject.org/w/uploads/5/5f/TestCertTrust.java $ javac TestCertTrust.java
Learn how to clear the Firefox cache
Because Firefox caches (remembers) recently viewed web sites, you might sometimes get unexpected results. A web site might still be cached, and shown by Firefox, even if the root CA used by the site has been reconfigured and is no longer trusted.
To enforce that Firefox will reload the site, it is best to clear the Firefox cache. From the Firefox menu, select Tools, Clear Recent History. Time Range: Everything. Open the details, and make sure that both Cache and Active Logins are selected. Click Clear Now and restart Firefox.