Hi Nelson,
thank you for looking into this.
I dont think its the extensions, as the certificate work well, if not
stored in hw-token. Here is my CA:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for
Security in Data Networks GmbH, OU=TC TrustCenter Class 1
CA/[EMAIL PROTECTED]
Validity
Not Before: Mar 9 13:56:33 1998 GMT
Not After : Dec 31 13:56:33 2005 GMT
Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for
Security in Data Networks GmbH, OU=TC TrustCenter Class 1
CA/[EMAIL PROTECTED]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b0:29:eb:b4:76:b3:ae:d7:b6:5b:b4:5e:e7:bd:
e3:b1:9c:49:04:57:5b:a1:ab:d9:7f:13:1b:fd:ba:
61:ab:d8:e7:71:df:2d:00:94:5d:51:48:7d:23:ef:
75:62:84:90:3c:0a:1f:59:11:74:2f:8e:80:a5:fd:
30:02:3d:29:52:cd:72:1a:49:21:9c:bc:cb:52:8e:
48:a1:63:96:c8:10:85:30:69:57:74:45:c0:5a:86:
c6:d5:3d:e0:68:57:7d:31:6a:24:8d:45:97:3e:31:
7e:68:66:32:6e:24:6d:ec:32:36:c9:41:ca:f0:31:
44:c8:a3:61:ca:1b:a0:36:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Revocation Url:
https://www.trustcenter.de/cgi-bin/check-rev.cgi?
Netscape CA Revocation Url:
https://www.trustcenter.de/cgi-bin/check-rev.cgi?
Netscape Renewal Url:
https://www.trustcenter.de/cgi-bin/Renew.cgi?
Netscape CA Policy Url:
http://www.trustcenter.de/guidelines/index.html
Netscape Comment:
TC TrustCenter Class 1 CA
Netscape Cert Type:
SSL CA, S/MIME CA, Object Signing CA
Signature Algorithm: md5WithRSAEncryption
05:42:52:26:a4:0c:27:01:44:ac:5c:25:28:c2:44:42:54:08:
b9:1d:c5:3e:6c:59:66:c4:b3:4e:50:a7:f8:f8:96:75:a1:96:
75:e8:16:38:a0:cd:5d:6e:fa:79:a7:1b:7b:1d:1e:c3:00:b9:
66:be:5a:d6:62:0f:e7:f2:7b:b8:ef:4c:e0:c0:3f:59:ae:39:
b7:84:09:9e:ab:f1:a9:2e:6b:69:e2:ad:cc:f2:ea:78:09:05:
20:38:42:71:18:7e:c7:b2:97:e6:d5:02:05:06:56:a3:5f:f1:
aa:c2:c4:4f:fe:f7:ef:16:0f:9d:ec:aa:85:cf:3d:29:24:f1:
04:cd
-----BEGIN CERTIFICATE-----
MIIENTCCA56gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDEgQ0ExKTAnBgkqhkiG9w0B
CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTYzM1oX
DTA1MTIzMTEzNTYzM1owgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
dENlbnRlciBDbGFzcyAxIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsCnrtHaz
rte2W7Re573jsZxJBFdboavZfxMb/bphq9jncd8tAJRdUUh9I+91YoSQPAofWRF0
L46Apf0wAj0pUs1yGkkhnLzLUo5IoWOWyBCFMGlXdEXAWobG1T3gaFd9MWokjUWX
PjF+aGYybiRt7DI2yUHK8DFEyKNhyhugNh8CAwEAAaOCAUMwggE/MEAGCWCGSAGG
+EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAx
IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQAFQlImpAwn
AUSsXCUowkRCVAi5HcU+bFlmxLNOUKf4+JZ1oZZ16BY4oM1dbvp5pxt7HR7DALlm
vlrWYg/n8nu470zgwD9Zrjm3hAmeq/GpLmtp4q3M8up4CQUgOEJxGH7Hspfm1QIF
BlajX/GqwsRP/vfvFg+d7KqFzz0pJPEEzQ==
-----END CERTIFICATE-----
And this is my personal cert:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3f:2d:00:00:00:02:be:e7:86:d0:6e:d1:a5:d1
Signature Algorithm: md5WithRSAEncryption
Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for
Security in Data Networks GmbH, OU=TC TrustCenter Class 1
CA/[EMAIL PROTECTED]
Validity
Not Before: May 21 00:50:04 2003 GMT
Not After : Jun 28 00:50:04 2004 GMT
Subject: C=DE, CN=Andreas
Marx/[EMAIL PROTECTED]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:b6:13:d2:b3:34:5a:96:3a:e9:cb:14:0a:16:a9:
23:63:f7:70:af:3f:81:3b:c5:3a:ef:3d:22:f4:71:
ca:a4:ef:4c:2d:07:de:9b:b1:94:f0:8d:81:93:55:
90:ca:7b:05:5e:9a:78:e4:b7:c7:1b:3f:fb:71:97:
46:ce:55:d9:96:24:66:54:1d:a9:7c:7e:19:04:37:
31:38:58:2f:38:ef:35:7e:18:a0:a3:57:00:2c:47:
93:e8:25:f9:5d:bd:cf:fe:54:b3:e3:13:1b:3b:ed:
14:d4:be:df:52:6e:91:19:70:d2:b1:fa:21:8e:57:
3b:8a:37:80:cc:b3:0a:fe:79:b0:42:7a:43:e3:c9:
c2:91:cd:a4:2d:aa:46:b3:c0:ce:f7:5c:32:32:3d:
a9:ac:e9:8e:69:95:d6:2d:53:cc:79:fa:88:d0:d8:
7a:54:8c:a0:60:d4:55:3a:46:e9:84:9f:52:a1:a2:
a4:15:2a:f0:64:e4:0d:8f:3b:82:4e:d2:48:f3:d1:
29:73:f8:2f:c8:f4:55:d4:df:a2:7f:bd:da:34:3e:
54:18:ee:4b:93:d1:06:12:eb:de:bc:85:46:dc:cf:
f3:3f:5a:4d:79:e9:00:1b:74:4a:6c:b2:f6:47:e5:
85:c2:76:53:30:91:0b:34:5f:4a:75:c7:82:a6:e5:
a6:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
Netscape CA Policy Url:
http://www.trustcenter.de/guidelines
Netscape Cert Type:
SSL Client, S/MIME
Netscape Revocation Url:
https://www.trustcenter.de/cgi-bin/check-rev.cgi/3F2D00000002BEE786D06ED1A5D1?
Signature Algorithm: md5WithRSAEncryption
19:0f:ca:e2:d6:b0:6f:f3:7e:ff:a2:71:80:75:2e:ac:87:15:
d4:7c:9c:df:04:96:cb:03:d4:b0:03:09:92:85:96:4a:44:64:
e9:6a:fd:b6:1a:7f:2e:05:4e:b2:78:c7:44:4f:97:13:46:a9:
94:06:63:7a:0c:f2:fd:23:cd:8a:47:1e:42:bf:d6:fa:d6:8a:
30:c7:65:8f:d6:10:54:cc:fc:fd:aa:7c:06:7c:47:1e:37:cb:
ab:41:e3:49:69:27:97:cc:9a:ef:1c:bc:ca:bd:bd:14:de:a7:
de:a4:89:8b:29:83:35:55:e9:cc:99:f2:ee:72:4a:68:60:60:
bc:0a
-----BEGIN CERTIFICATE-----
MIID1jCCAz+gAwIBAgIOPy0AAAACvueG0G7RpdEwDQYJKoZIhvcNAQEEBQAwgbwx
CzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJn
MTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBO
ZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAxIENB
MSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw0w
MzA1MjEwMDUwMDRaFw0wNDA2MjgwMDUwMDRaMEkxCzAJBgNVBAYTAkRFMRUwEwYD
VQQDEwxBbmRyZWFzIE1hcngxIzAhBgkqhkiG9w0BCQEWFEFuZHJlYXMuTWFyeEBu
ZW94LmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthPSszRaljrp
yxQKFqkjY/dwrz+BO8U67z0i9HHKpO9MLQfem7GU8I2Bk1WQynsFXpp45LfHGz/7
cZdGzlXZliRmVB2pfH4ZBDcxOFgvOO81fhigo1cALEeT6CX5Xb3P/lSz4xMbO+0U
1L7fUm6RGXDSsfohjlc7ijeAzLMK/nmwQnpD48nCkc2kLapGs8DO91wyMj2prOmO
aZXWLVPMefqI0Nh6VIygYNRVOkbphJ9SoaKkFSrwZOQNjzuCTtJI89Epc/gvyPRV
1N+if73aND5UGO5Lk9EGEuvevIVG3M/zP1pNeekAG3RKbLL2R+WFwnZTMJELNF9K
dceCpuWmKwIDAQABo4HIMIHFMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg
MDMGCWCGSAGG+EIBCAQmFiRodHRwOi8vd3d3LnRydXN0Y2VudGVyLmRlL2d1aWRl
bGluZXMwEQYJYIZIAYb4QgEBBAQDAgWgMF0GCWCGSAGG+EIBAwRQFk5odHRwczov
L3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2kvM0YyRDAw
MDAwMDAyQkVFNzg2RDA2RUQxQTVEMT8wDQYJKoZIhvcNAQEEBQADgYEAGQ/K4taw
b/N+/6JxgHUurIcV1Hyc3wSWywPUsAMJkoWWSkRk6Wr9thp/LgVOsnjHRE+XE0ap
lAZjegzy/SPNikceQr/W+taKMMdlj9YQVMz8/ap8BnxHHjfLq0HjSWknl8ya7xy8
yr29FN6n3qSJiymDNVXpzJny7nJKaGBgvAo=
-----END CERTIFICATE-----
--
Andreas Marx
Nelson B <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>...
> Need to see the full content of all the relevant certs to answer your
> question. Cert might have extensions that prevent it from being used
> as you wish.
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
