Can you point your certificate at `openssl asn1parse` and compare the string types used in the signature?
My guess it that the cryptography generated cert will have UTF8String, and the cert generated by your other software will have PrintableString or some other string time. If yes, good news! This will be fixed in the next cryptography release -- you can verify this by testing with the version of cryptography in git. Alex On Sun, Oct 1, 2017 at 9:43 AM, Julian Meyer <jul...@meyer-privat.com> wrote: > Hi, > > I woud like to sign a certificate with my internal intermediate (CA) > certificate. First I thought the issue was caused by the > AuthorityKeyIdentifier Extension without the authority_cert_issuer and > authority_cert_serial_number parameters. > > But as Paul wrote back and I made a few tests, this isn’t the issue. > > Until now, I used a Desktop application called XCA to manage my testing > certificates. I like to automate this, witch my python program. But the > Webbrowser don’t accept the created certificates. In Crome I get > ERR_CERT_AUTHORITY_INVALID as an error message, but if I check this > certificate with openssl, or by importing it in XCA, all themes alright. > Yes, the Root Certificate is in the Truststore and the Webserver is > delivering the Intermediate and server certificate. > > I can't locate the issue why the browser can not validate the trust chain > if the certificate is signed by the cryptography library. > > My Software is Open Source and this is the part, where the certificate is > signed: > https://github.com/meyju/cert-master/blob/92104e07bc8d909d763f3559783e9e > 3698785dbc/cert_master/certificate.py#L239 > > Is the order of the extensions in the certificate imported? This is the > only difference I can see right now. > > Any suggestions or tipps? > > Should I send my testing certificates? > > Kind regards, > Julian > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev@python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: D1B3 ADC0 E023 8CA6
_______________________________________________ Cryptography-dev mailing list Cryptography-dev@python.org https://mail.python.org/mailman/listinfo/cryptography-dev
