- From: Henry Story <henry.story@bblfish.net>
- Date: Wed, 13 Apr 2011 23:47:55 +0200
- To: WebID XG <public-xg-webid@w3.org>
- Cc: Joe Presbrey <presbrey@gmail.com>, Joerg Anders <jan@informatik.tu-chemnitz.de>, nathan <nathan@webr3.org>
Joe Presbrey is certainly the right person to ask given that he has written code at the Apache TLS level
http://dig.csail.mit.edu/2009/mod_authn_webid/

On 13 Apr 2011, at 23:01, Nathan wrote:

> Joerg Anders wrote:
>> On Wed, 13 Apr 2011, Joe Presbrey wrote:
>>>
>>> data.fm works with my WebID at http://presbrey.mit.edu/foaf#presbrey
>>>
>> Hmm, I get ssl_error_certificate_unknown_alert
>>> We openly welcome self-signed certs.
>>>
>>> I've just reconfirmed my cert with pubkey B2AB30... is self-signed.
>>>
>>> Would you mind sharing your WebID URL and X509 certificate?
>>>
>> You can test it with: http://foaf.me/Hans#me
>> The PKCS12 File is at
>> http://vsr.informatik.tu-chemnitz.de/staff/jan/WEBID/webid.xhtml
>> (ignore the German text, download only HannesElmert.p12)
>> The password for importing into Firefox is
>> HansElmert
>> BTW: It works on https://bblfish.net:8443/test/WebId
>
> Joe, Joerg,
>
> If it helps any, I can confirm that the error isn't in the WebID implementation, it's apache sending back the error message, you can see it duplicated on: https://a.open.gs/ which does /not/ have any WebID implementation, it only has apache configured to request the certificate.

I wonder if there are X509 specialists who can tell if there is something that is problematic with Hans' certificate

$ openssl pkcs12 -clcerts -nokeys -in Desktop/HannesElmert.p12 | openssl x509 -noout -text
Enter Import Password:
MAC verified OK
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2483388820 (0x94058194)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=DC, L=Washington, O=Self-Signed, OU=Institut/UID=Hans, CN=Hans Elmert
        Validity
            Not Before: Apr 5 13:42:38 2011 GMT
            Not After : Apr 5 13:42:38 2014 GMT
        Subject: C=US, ST=DC, L=Washington, O=Self-Signed, OU=Institut/UID=Hans, CN=Hans Elmert
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:db:88:8e:1a:5d:78:f4:b2:f5:22:a3:dc:2c:a4:
                    4b:57:83:d2:f5:e7:57:c0:8e:52:48:cb:cf:3a:2a:
                    c4:6b:93:42:dd:fc:b3:30:ac:32:9f:0e:61:24:c4:
                    d3:7a:1a:32:9e:c8:82:0c:6c:13:df:30:58:2d:2e:
                    d3:a6:0f:37:91:50:9c:72:5e:6c:d7:f6:71:3d:22:
                    ce:5e:da:92:b6:c2:fe:3d:34:18:db:6d:60:96:49:
                    57:ab:8b:f3:7d:e2:fb:62:a7:4e:3d:67:6b:95:f2:
                    db:e5:2b:c7:e3:16:05:e2:4a:3d:b0:93:bb:e9:04:
                    59:4d:a9:f8:86:7c:34:42:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Netscape Cert Type: critical
                SSL Client, S/MIME, Object Signing
            X509v3 Subject Alternative Name: critical
                email:ba.obma@vodafone.de, URI:http://foaf.me/Hans#me
            X509v3 Subject Key Identifier: critical
                58:92:81:B9:80:08:6F:6F:C9:65:D7:2E:70:D5:D8:D8:DC:28:3F:47
            X509v3 Extended Key Usage: critical
                TLS Web Client Authentication, Code Signing, E-mail Protection
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Data Encipherment, Key Agreement
            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: sha1WithRSAEncryption
        9e:18:18:7b:bf:24:de:17:12:85:69:cf:ab:ac:a7:ab:9d:59:
        75:e4:41:26:22:76:81:fd:02:48:56:5e:62:0b:50:94:93:bc:
        19:40:3c:63:bd:89:43:fc:35:3a:6a:7f:a6:db:23:1f:15:eb:
        63:87:02:c1:80:96:0f:85:13:12:f8:c4:d6:e7:58:cb:2f:b9:
        58:37:f9:08:29:7c:a7:51:87:dd:59:e3:1b:ab:ff:e8:9e:61:
        5f:27:e9:ea:5a:e2:df:69:43:2b:1c:a9:2a:83:6c:d7:bc:bb:
        20:b1:f6:9d:c6:b1:e0:07:95:29:bb:c6:f7:a8:1c:57:5d:33:
        d1:92

>
> Best,
>
> Nathan
>

Social Web Architect
http://bblfish.net/

Received on Wednesday, 13 April 2011 21:48:28 UTC
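
An added example, not part of the original message or of any project named in it: a parser for the extensions section of the `openssl x509 -noout -text` output quoted above, listing extensions whose critical flag departs from what RFC 5280 asks of conforming CAs. It does not establish the cause of the alert discussed in the thread; `parse_extensions`, `review` and the `NONCRITICAL` table are names made up for this example.

```python
import re

# Extensions section copied from the certificate dump in the message above.
DUMP = """\
        X509v3 extensions:
            Netscape Cert Type: critical
                SSL Client, S/MIME, Object Signing
            X509v3 Subject Alternative Name: critical
                email:ba.obma@vodafone.de, URI:http://foaf.me/Hans#me
            X509v3 Subject Key Identifier: critical
                58:92:81:B9:80:08:6F:6F:C9:65:D7:2E:70:D5:D8:D8:DC:28:3F:47
            X509v3 Extended Key Usage: critical
                TLS Web Client Authentication, Code Signing, E-mail Protection
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Data Encipherment, Key Agreement
            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: sha1WithRSAEncryption
"""

NONCRITICAL = {  # hypothetical lookup table for this example
    "X509v3 Subject Key Identifier": "RFC 5280 4.2.1.2: MUST be non-critical",
    "X509v3 Subject Alternative Name": "RFC 5280 4.2.1.6: SHOULD be non-critical if subject DN is non-empty",
}

def parse_extensions(text):
    """Return {name: (critical, value)} from the 'X509v3 extensions:' block."""
    exts, name, base = {}, None, None
    for line in text.splitlines():
        indent = len(line) - len(line.lstrip())
        if line.strip() == "X509v3 extensions:":
            base = indent
        elif base is None or not line.strip():
            continue
        elif indent <= base:              # dedent: the block has ended
            break
        elif indent == base + 4:          # header line "Name: [critical]"
            m = re.match(r"\s*(.+?):\s*(critical)?\s*$", line)
            name = m.group(1)
            exts[name] = (m.group(2) is not None, "")
        elif name:                        # value line of the last header
            exts[name] = (exts[name][0], (exts[name][1] + " " + line.strip()).strip())
    return exts

def review(exts, subject_empty=False):
    """Flag criticality settings that depart from RFC 5280 (not a diagnosis)."""
    return [(n, NONCRITICAL[n]) for n, (crit, _) in exts.items()
            if crit and n in NONCRITICAL and not ("Alternative" in n and subject_empty)]
```

RFC 5280 section 4.2 also requires a certificate-using system to reject a certificate carrying a critical extension it does not recognize, so the full list of critical extensions returned by `parse_extensions` is worth comparing against what the verifying TLS stack supports.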