Ingo Kappler wrote:
> 
> For secure mail connections I use a selfsigned certificate on the server,
> created with openssl. 

Here's the full story.

The cert you sent me is neither self signed nor self issued.  

A self-signed cert is one whose signature can be verified using the public
key found in the same certificate.  When I use the RSA public key in the 
cert you sent me to decrypt the signature in that cert, the result is not
a properly formatted PKCS#1 v1.5 signature block, so the signature does not
verify.  It is not a self signed cert, or its signature some some other 
algorithm than PKCS#1 v1.5.  

A self issued cert is one that identifies itself as being the certificate
of its own issuer.  To be a self issued cert, both of the following 
conditions must be true:

Condition 1: the issuer name in the cert must be identically the same as
the subject name in the cert, AND

Condition 2: one of the following must be true:

Condition 2a: The cert has no Authority Key Identifier extension, or

Condition 2b: The cert has both an Authority Key Identifier extension and
a Subject key identifier extension, and the two identifiers are the 
identical.  An Authority Key identifier says, in effect, "my issuer has 
a subject key identifier with this value".  

Your cert meets condition 1, but not condition 2.  Your cert contains both
an authority key identifier extension and a subject key identifier extension,
but the two identifiers are not equal.  So, it appears that this cert is 
NOT its own issuer, because the subject key ID doesn't appear to match the
authority key ID.  

A self issued cert should also be self signed.  A self-signed cert should
normally be self issued.

If you want your cert to be both self signed and self identified, then 
you'll have to fix it to have these properties.

> It works for my needs with netscape 6.2 and kmail and
> other programs, except mozilla 1.0 and netscape 7.

> I get an error message saying it couldn`t establish a secure connection for
> the cert might be destroyed or not usable with error-code -8182.

Right,  Your cert apparently is not really  self signed.  The signature 
really does not verify using the public key in that same cert.  Mozilla 
is now complaining about that.

> What has changed?

What has changed is that a new bug in mozilla causes mozilla to think 
that your cert IS self-issued, when it really isn't.  Mozilla's check
for a self-signed cert is not presently paying attention to the authority
key identifier.  It's ignoring condition 2.  Since your certificate meets
condition 1, mozilla now thinks your cert is self-issued, and therefore
expects it to be self-signed, which it apparently isn't.  When mozilla
checks the signature on the cert with the cert's public key, it finds 
the signature is invalid, and so it complains.  

Mozilla treats the invalid signature error differently from most other 
cert errors.  After most other cert errors, mozilla gives you the 
chance to accept the cert anyway and continue with SSL, storing the cert
in your list of certs for trusted web servers, but when the certificate's
signature is invalid, mozilla doesn't give you that option.  That's 
certainly an inconsistency, and I think it's a bug.  

I have filed two new bugs against mozilla's security components for these
two issues. 
http://bugzilla.mozilla.org/show_bug.cgi?id=157218
http://bugzilla.mozilla.org/show_bug.cgi?id=157224

In the meantime, you can change your cert so that it works with any
version of mozilla or communicator.  You could do any of the following:

1. issue your server a new cert that does not meet condition 1 of being
self issued.  In other words, issue a new cert that appears to have been
issued by a cert with a different subject name, one that doesn't exist.
That cert will behave exactly the same way with N7 that your old cert
behaved with old versions of N6.  

or 

2. issue your server a new cert that really is self-signed and really is
self-issued.  I don't know why your present certificate isn't really 
self signed.  Since you made it with OpenSSL, you'll have to ask some
OpenSSL folks what to do differently to be self signed.  As for being
self issued, I suggest you simply leave off the authority and subject
key ID extensions from the cert.

Either way, be sure you don't issue a new cert with the same issuer and
serial number as you've used before.  Be sure your new certs all have new
and unique serial numbers.  Otherwise, you'll run into more troubles. 

> Thanks Ingo

--
Nelson B  
(Please don't reply to this email address.  Please reply to the newsgroup.)

Reply via email to