Page MenuHome GnuPG

mark-trusted problem with: GTE CyperTrust Global Root
Closed, ResolvedPublic

Description

Validating the certificate "GTE CyperTrust Global Root"
in Kleopatra does not lead to the opurtunity to
mark it trutsted. (allow-mark-trusted is configured and
the procedure works for other root certificates).

The certificate in question is attached.

Details

Version
2.0.5

Related Objects

Event Timeline

Well, GTE seems to be one of this money printing companies without any security
clues. The certificate uses MD5, is valid for 20 years (still 11 to go)(!) and
is missing the required basicConstraints.

Workaround is to use the "relax" flag. This needs to be applied manually using
an editor in trustlist.txt:

97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74 S relax

I added this line to my trustlist.txt and
applied "Validate" in Kleopatra again, but
same result as before.

Jan-Oliver_Wagner removed a project: Restricted Project.

Sorry, gpg-agent needs to be restartet. Now it works.
Resolving.