How to Load Pages with Unverified SSL Certs in Web+

How to Load Pages with Unverified SSL Certs in Web+

System: Haiku

Preventing the user from loading pages that do not have a verified SSL certficate is a good security practice that most browsers follow.

Usually, when you attempt to access a page with a self-signed SSL certificate, your browser will show a warning message but still allow you to proceed for cases where you know (or assume at your own risk) that the site is safe. In most cases, there is also exception handling for adding sites to an exception list, so that you are not bugged with the warning message everytime you try to access sites known to be safe by the user.

Unfortunately, as of its latest version -- r544 released on August 18 -- Haiku's native browser WebPositive does not handle SSL certificate verification exceptions; so if you hit a site with an unverified certificate, you get an error message and you are unable to proceed to the page. Here is a temporary workaround that will allow you to override this behaviour. Needless to say, use it at your own risk (you have been warned).

The idea behind this workaround is to make the certs file inaccessible to the system; this disables SSL checking altogether and thus removes the above-mentioned warnings. To enable this workaround, the certs file can be deleted, moved or renamed. We are going to go with the non-destructive rename the file method, so that it is possible to easily revert the change; this is how you do it.

Disabling SSL checking

Right-click on the Haiku drive icon on the desktop, and drill down with the mouse to the /boot/common/ssl/certs/ folder to open it.

Click on the cacert.pem file, press Alt E to edit the filename, and change the name of the file (for example, cacert.pem_tmp)

You should now be able to access unverified pages. Note, however, that you will not get any more warnings about potentially unsafe sites, so use this workaround with care. It may simply be a good idea to eventually re-enable SSL certificate verification, which you can easily do by just renaming the certs file back to cacert.pem.

The ability to add websites to an exception list will most likely be implemented at some point in time into Web+. Until then, keep this tip in mind, as it may come in handy in case you want to view a website that happens to have a self-signed certificate.

Tutorial written by Jorge G. Mare (koki) September 2010 - Haikuzone
Made available by BeSly the BeOS, Haiku and Zeta knowledge base.