Fedora Linux: fixing RescueTime problem with certificate path

RescueTime version 2.9.11.1285 on Fedora doesn't send its collected data to servers with following error: "Problem with the network, please contact RescueTime Support. (77): Problem with reading the SSL CA cert (path? access rights?)."

rescuetime window with ssl ca cert error

According to the changes list for this version developers have added support for system-wide certificates.

2.9.11.1285 - 2016/11/30 (Release)

Changes

*) Added dependency ca-certifcates in attempt to use shipped ca-cert-bundles
...

Let's check why rescuetime can't read them:

$ strace rescuetime 2>&1 | grep -i cert
open("/etc/ssl/certs/ca-certificates.crt", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/ssl/certs/ca-certificates.crt", O_RDONLY) = -1 ENOENT (No such file or directory)
$ sudo ls -la /etc/ssl/certs/ca-certificates.crt
ls: Can't access '/etc/ssl/certs/ca-certificates.crt':
no such file or directory

Rescuetime tries to read file ca-certificates.crt but it doesn't exists.
Let's check what files provide ca-certificates package:

$ rpm -ql ca-certificates | fgrep ca-certificates.crt
$ echo $?
1

Maybe another package contains the file:

sudo dnf whatprovides 'ca-certificates.crt'

Again, nothing.
Let's try to add it manually:

$ cd /etc/ssl/certs/
$ ls -1
ca-bundle.crt
ca-bundle.trust.crt
make-dummy-cert
Makefile
renew-dummy-cert
$ sudo ln -s ca-bundle.crt ca-certificates.crt
$ ls -1
ca-bundle.crt
ca-bundle.trust.crt
ca-certificates.crt
make-dummy-cert
Makefile
renew-dummy-cert

Checking rescuetime again:

strace rescuetime 2>&1 | grep -i cert
open("/etc/ssl/certs/ca-certificates.crt", O_RDONLY) = 12
read(12, "-----BEGIN CERTIFICATE-----\nMIIH"..., 4096) = 4096
read(12, "pNcL\n-----END CERTIFICATE-----\n-"..., 4096) = 4096
read(12, "CERTIFICATE-----\n-----BEGIN CERT"..., 4096) = 4096
read(12, "---BEGIN CERTIFICATE-----\nMIIF2T"..., 4096) = 4096
open("/etc/ssl/certs/ca-certificates.crt", O_RDONLY) = 12
read(12, "-----BEGIN CERTIFICATE-----\nMIIH"..., 4096) = 4096
read(12, "pNcL\n-----END CERTIFICATE-----\n-"..., 4096) = 4096
read(12, "CERTIFICATE-----\n-----BEGIN CERT"..., 4096) = 4096
read(12, "---BEGIN CERTIFICATE-----\nMIIF2T"..., 4096) = 4096
open("/etc/ssl/certs/ca-certificates.crt", O_RDONLY) = 13
read(13, "-----BEGIN CERTIFICATE-----\nMIIH"..., 4096) = 4096
read(13, "pNcL\n-----END CERTIFICATE-----\n-"..., 4096) = 4096
read(13, "CERTIFICATE-----\n-----BEGIN CERT"..., 4096) = 4096
read(13, "---BEGIN CERTIFICATE-----\nMIIF2T"..., 4096) = 4096

Aaaaannnd yes, it works!!!

So, the solution is to simply add symlink to the ca-bundle.crt:

$ cd /etc/ssl/certs
$ sudo ln -s ca-bundle.crt ca-certificates.crt

Comments

comments powered by Disqus