W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

Re: self-signed - critical is not the reason

From: bergi <bergi@axolotlfarm.org>
Date: Thu, 14 Apr 2011 14:22:59 +0200
Message-ID: <4DA6E723.208@axolotlfarm.org>
To: Joerg Anders <jan@informatik.tu-chemnitz.de>
CC: Henry Story <henry.story@bblfish.net>, WebID XG <public-xg-webid@w3.org>, Joe Presbrey <presbrey@gmail.com>, nathan <nathan@webr3.org>
Only the 'Subject Alternative Name' is now uncritical, but still some
other extensions are critical, especially the 'Subject Key Identifier'
which isn't supported by openssl [1].

[1] http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0211.html

Am 14.04.2011 13:50, schrieb Joerg Anders:
> On Thu, 14 Apr 2011, bergi wrote:
> 
>>
>> How was the certificate created? Could you remove the critical flag from
>> the extensions step by step until it's working?
>>
> 
> I have to disappoint you: It has nothing to do with critical or not. Please
> try
> 
>    ReinerNovak.p12
> 
>     password: RNovak
> 
> from
> 
>   http://vsr.informatik.tu-chemnitz.de/staff/jan/WEBID/webid.xhtml
> 
> it has an  (uncritical)
> 
>    X509v3 Subject Alternative Name:
>     email:r.novak@vodafone.de,
> URI:http://vsr.informatik.tu-chemnitz.de/staff/jan/obama/Novak#me
> 
> The certificate is created with Mozilla Key-Manager AddOn.
> And again it works on
> 
>   https://bblfish.net:8443/test/WebId
> 
> Thus, it can't be totally wrong. Experiences with HannesElmert.p12
> show it also works on http://foaf.me
> 
> 
Received on Thursday, 14 April 2011 12:23:26 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:24 UTC