tl;dr: mirall doesn't use the system certificate store. Upstream has recommended that I suggest that Rawhide update to the 2.0.2 release, so that may fix this issue. Description of problem: I am experiencing this error message when I start the OwnCloud client, configured to connect to my server with a Let's Encrypt certificate: Warnings about current SSL Connection: The issuer certificate of a locally looked up certificate could not be found with Certificate electronsweatshop.com Organization: <not specified> Unit: <not specified> Country: <not specified> Fingerprint (MD5): 02:d5:6b:f9:2c:23:b1:05:e7:e2:f9:fb:d7:e2:60:64 Fingerprint (SHA1): 09:71:46:51:df:2a:e3:99:5e:5f:6a:5d:f6:a2:4a:a7:24:05:98:de Effective Date: Sun Nov 1 03:15:00 2015 Expiration Date: Sat Jan 30 03:15:00 2016 Issuer: Let's Encrypt Authority X1 Organization: Let's Encrypt Unit: Country: US I am confident that I have configured the httpd server correctly (using the correct key, certificate, and CA chain) as the following clients accept the certificate without issue: Firefox, Seamonkey, curl, openssl s_client, Miredo, Psi, and Conversations (Android). There are a couple possible explanations for this issue: 0) The client cannot use certificate chains. 1) The client does not trust the DST Root CA X3, which has cross signed the Let's Encrypt certificate. This would be surprising, since DST is a widely trusted certificate authority and every other program on my computer does not have any issue with trusting it. I don't have an easy way to diagnose these two possibilities, but I do know that the OwnCloud client has a few issues where it does not trust system certificate stores: https://github.com/owncloud/client/issues/2964 https://github.com/owncloud/client/issues/3739 Upstream asked me to ask Fedora to update to the 2.0.2 release, which they believe will solve this issue. Let me know if you require any more information! Version-Release number of selected component (if applicable): I am running version 1.8.0 on Fedora Rawhide: % rpm -q mirall mirall-1.8.0-3.fc23.x86_64 How reproducible: Every time. Steps to Reproduce: 1. Sign the OwnCloud server's certificate with a custom certificate authority (or use Let's Encyrpt. I have tried both). 2. Install the custom CA cert on the client machine. 3. Point mirall at the OwnCloud server. Actual results: mirall will complain that the signing authority is untrusted. Expected results: mirall should trust any certificate that the system certificate store trusts. I.e., if the openssl client trusts the certificate, mirall should trust it too. Additional info: I've filed an upstream bug on this issue. I don't see a way to associate github issues in the external bug feature here in Bugzilla, so here's the link to the upstream report: https://github.com/owncloud/client/issues/4062
mirall is obsolete. Please use owncloud-client package
I had filed an upstream bug report that is more specifically about mirall not trusting the system certificate store. I should have linked that bug report instead. Here it is: https://github.com/owncloud/client/issues/3739
Ahhhhh. Now I feel like an idiot. I noticed that someone had made a comment like that on my other bug so apparently I am thick in the skull. I updated to owncloud-client-2.0.1, and the issue is resolved. Apologies for the noise, and thank you for pointing me in the correct direction.
No problem, thank you for letting us about any kind of bugs. I will ping the main maintainer asking him if we can clean all residual mirall references in the Fedora infrastructure