W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

Re: self-signed

From: Joe Presbrey <presbrey@gmail.com>
Date: Wed, 13 Apr 2011 17:38:17 -0400
Message-ID: <BANLkTinRXsH5GiaPpCbSfepdXsd21kr=rQ@mail.gmail.com>
To: Joerg Anders <jan@informatik.tu-chemnitz.de>, nathan@webr3.org
Cc: public-xg-webid@w3.org
The error from Apache is:

Certificate Verification: Error (34): unhandled critical extension

This is not a WebID error -- the certificate was self-signed with
extensions set 'Critical'. Resign with all extensions set 'Not
Critical'.

--
Joe Presbrey

On Wed, Apr 13, 2011 at 5:01 PM, Nathan <nathan@webr3.org> wrote:
> Joerg Anders wrote:
>>
>> On Wed, 13 Apr 2011, Joe Presbrey wrote:
>>
>>>
>>> data.fm works with my WebID at http://presbrey.mit.edu/foaf#presbrey
>>>
>>
>> Hmm, I get  ssl_error_certificate_unknown_alert
>>
>>> We openly welcome self-signed certs.
>>>
>>> I've just reconfirmed my cert with pubkey B2AB30... is self-signed.
>>>
>>> Would you mind sharing your WebID URL and X509 certificate?
>>>
>>
>> You can test it with: http://foaf.me/Hans#me
>>
>> The PKCS12 File is at
>>
>>  http://vsr.informatik.tu-chemnitz.de/staff/jan/WEBID/webid.xhtml
>>
>> (ignore the German text, download only HannesElmert.p12)
>>
>> The password for importing into Firefox is
>>
>>      HansElmert
>>
>> BTW: It works on https://bblfish.net:8443/test/WebId
>
> Joe, Joerg,
>
> If it helps any, I can confirm that the error isn't in the WebID
> implementation, it's apache sending back the error message, you can see it
> duplicated on: https://a.open.gs/ which does /not/ have any WebID
> implementation, it only has apache configured to request the certificate.
>
> Best,
>
> Nathan
>
>



Critical.png
(image/png attachment: Critical.png)

NotCritical.png
(image/png attachment: NotCritical.png)

Received on Friday, 15 April 2011 10:13:33 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:24 UTC