Managing Certificate Authorities in Adobe Flash on Fedora/RHEL

By | March 10, 2010

or: making your file uploads work over HTTPS when you are using a self-signed certificate or an authority Flash decides it doesn’t like.

Flash is a popular way to upload files to web sites. This is because you can have multiple files upload at once, give pretty progress bars, and can control the file upload UI. There are some alternatives that don’t appear to be cross-platform, but that seems self-defeating.

But there is a problem; if you are using a certificate that Flash doesn’t like, it doesn’t work at all.  And you don’t get an error message.  In Windows this is solved pretty well.  If Internet Explorer trusts a certificate, so does Flash.  But on Linux, flash only checks the system certificate store.  And on Fedora, it doesn’t even do that.

To fix it until Adobe fixes the bug, run as root:

mkdir /etc/ssl && ln -sf /etc/pki/tls/certs /etc/ssl/certs

Come to think of it, is there a way to tell where the system certs should be found?

8 thoughts on “Managing Certificate Authorities in Adobe Flash on Fedora/RHEL

  1. Peter Bowen

    It sounds like Flash is just using the OpenSSL default location. Fedora does move this, but Flash is probably carrying around its only reference to /etc/ssl/certs.

    As for the system default, things are complicated by the existence of multiple crypto libraries in most Linux distros. OpenSSL has a plain list (or directory) of CAs, while NSS uses a database format with additional info on each CA (email signer vs. SSL signer, etc).

  2. Jonas Ã…dahl

    > There are some alternatives that don’t appear to be cross-platform,

    Using flash is LESS cross-platform than using Firefox, AND it relies on proprietary software/protocols.

  3. Götz Waschk

    Do you have a test case where the upload does not work without the symlink?

  4. Jerome Haltom

    Sounds to me like Flash got this right, and the issue is that Fedora moved what seems to be a default location on most Unix systems.

    The whole NSS debacle sucks, though.

  5. admin Post author

    Götz: Yes, I just filed a bug here:

    Jerome: I think you’re right. It looks like the origin is this bug:

    Jonas: I’ve seen stats that say 98% of web users have flash installed. (Obviously that’s changing now that more people are using mobile devices) Firefox users make up 20-50% web users depending on your audience. I’m not that interested in arguing about whether Flash is good or bad. Happily, I’m not a flash developer. I simply want the software I use to work.

  6. Jonas Ã…dahl

    I’m not arguing if Flash is good or bad, just that it is not in any way more cross platform than Firefox. Web users are not platforms, they are humans.

  7. Pingback: HTTPS upload failed under Linux Error #2038 » free icons download

Leave a Reply

Your email address will not be published. Required fields are marked *