W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

Re: self-signed

From: Joe Presbrey <presbrey@gmail.com>
Date: Fri, 15 Apr 2011 08:17:06 -0400
Message-ID: <BANLkTikhXWn78LUwMZqw9ctwB9MfKjA=rw@mail.gmail.com>
To: Joerg Anders <jan@informatik.tu-chemnitz.de>
Cc: WebID XG <public-xg-webid@w3.org>
Sorry its still not working for you! We're still working on making
error messages more helpful.

We saw this error for you today: [Fri Apr 15 08:01:06 2011] [info]
[client x.x.x.x] WebID: authentication (non-authoritative) failed for
<URI:http://foaf.me/Hans#me> pubkey:
"DB888E1A5D78F4B2F522A3DC2CA44B5783D2F5E757C08E5248CBCF3A2AC46B9342DDFCB330AC329F0E6124C4D37A1A329EC8820C6C13DF30582D2ED3A60F3791509C725E6CD7F6713D22CE5EDA92B6C2FE3D3418DB6D60964957AB8BF37DE2FB62A74E3D676B95F2DBE52BC7E31605E24A3DB093BBE904594DA9F8867C34427D",
URI: </common/images/rdf_flyer.24.gif>, referer: https://data.fm/login

Your WebID is being found correctly -- you are not sending the right
public key. A quick peek at your WebID RDF says you need the cert
starting 00C65F...:

# rapper -qi rdfxml -o ntriples http://foaf.me/Hans | grep hex
_:genid2 <http://www.w3.org/ns/auth/cert#hex>
"00:C6:5F:81:5C:FB:3A:2C:BC:AA:DA:B5:0F:D6:22:BA:00:AE:22:21:C4:59:20:51:75:2C:1C:FA:AD:05:E0:60:42:85:E2:59:29:1B:B7:3D:33:14:F7:2D:7A:77:74:73:06:72:BF:DA:C3:7B:15:A4:AD:AF:CD:AF:83:45:C9:F3:42:90:B3:80:46:25:FA:4B:05:07:58:39:B4:88:B3:5A:9C:3F:92:1B:33:8B:4C:C6:01:10:6C:4D:29:F8:37:3B:C6:52:30:17:F7:92:FB:3A:D4:AB:CA:11:86:70:B5:E4:23:40:7F:9F:0B:DC:89:94:6B:65:FD:A6:DA:24:95:12:AB"
.

Add the DB88 key to your WebID or take a look through your cert manager.

On Fri, Apr 15, 2011 at 8:01 AM, Joerg Anders
<jan@informatik.tu-chemnitz.de> wrote:
> On Wed, 13 Apr 2011, Joe Presbrey wrote:
>
>> Attached is a working certificate for Hans' WebID.
>>
>> FYI, I resigned without the critical extensions using the following
>> procedure:
>>
>> # decode
>> openssl pkcs12 -in HannesElmert.p12 -nodes > HannesElmert.pem
>> # extract key
>> openssl rsa -in HannesElmert.pem > hans.key
>> # setup extensions
>> echo -e
>> 'basicConstraints=CA:FALSE\nsubjectAltName="URI:http://foaf.me/Hans#me"'
>>>
>>> hans.ext
>>
>> # resign
>> openssl x509 -signkey hans.key -in HannesElmert.pem -clrext -extfile
>> hans.ext > hans.cer
>> # pack
>> cat hans.key hans.cer > hans.pem
>> # export
>> openssl pkcs12 -export -in hans.pem -nodes > hans.p12
>>
>
> Thank you. I imported an again I see the 3 coloured boxes.
>
> --
> J.Anders, GERMANY, TU Chemnitz, Fakultaet fuer Informatik
>
Received on Friday, 15 April 2011 12:17:53 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:24 UTC