Trying to open or sync a KeePass database via SSL (doesn’t matter if it is http, ftp or even webdav) on Linux shows me an error:
Error getting response stream (Write: The authentication or decryption has failed.): SendFailure The authentication or decryption has failed.
Here is the reason why and how to fix this:
Well, the reason is, that KeePass uses the Mono IDE. So the SSL encryption is handled by Mono, too. Unfortunately Mono uses it’s very own certificate store which is empty at the beginning ands need to be populated with at least the root certificates.
This can be done using the following commands (worked on Ubuntu 14.04 for me):
1. Download mono-devel package via apt-get
cd ~ mkdir deb-mono-devel apt-get download mono-devel
Note: We do not install the whole mono-devel package just because it would download lots of packages that we just don’t need.
2. Extract the downloaded package
dpkg --extract mono-devel*.deb deb-mono-level
3. Find out location of ‘mozroots.exe’
find -name "mozroots.exe"
results in something like:
./deb-mono-level/usr/lib/mono/4.5/mozroots.exe
4. Let mozroots.exe import the needed root certificates
mono ./deb-mono-level/usr/lib/mono/4.5/mozroots.exe --import --sync
Mozilla Roots Importer - version 3.2.8.0 Download and import trusted root certificates from Mozilla's MXR. Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed. Downloading from 'http://mxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1'... Importing certificates into user store... 140 new root certificates were added to your trust store. Import process completed.
Note: Of course ./deb-mono-level/usr/lib/mono/4.5/mozroots.exe
has to be replaced by the location you found at #3.,
5. Done!
KeePass should be able to establish SSL encrypted connections as expected from now on.
Leave a Reply