Few days ago (2010-07-16), Arch Linux Forums started to redirect unencrypted connection to encrypted connection, in other words, it is now SSL connection only.
My current web browser is Chromium and it told me CAcert.org is not trusted, the certificate issuer that Arch Linux Forums uses. It only takes one click for a browsing session to get rid of that message. Before this, I sometimes stumbled upon Gentoo Bugs redirected via Gentoo Packages.
I am not actually a reader of Arch Linux Forums, but I read it regularly. So it's time to get rid of it once for all.
It's fairly simple. Firstly, you need certutil
tool from nss package, if you don't have then add the following line to your /etc/portage/packages.use
dev-libs/nss utils
Re-emerge nss.
Next step is to add the root certificate
certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n cacert -i /etc/ssl/certs/cacert.org.pem
Then check if we add successfully with certutil -d sql:$HOME/.pki/nssdb -L
> certutil -d sql:$HOME/.pki/nssdb -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI cacert C,,
Restart browser and say hello to that little green lock.
The steps are actually from this Chromium wiki page.
Note that the root certificate /etc/ssl/certs/cacert.org.pem
is a symbolic link to /usr/share/ca-certificates/cacert.org/cacert.org.crt
, which is a file part of ca-certificates package and your Gentoo system should already have it because openssl depends on it and openssl is unlikely not installed.