Hi,
I try to run the NSS security tool (ssl test tools) (bin/selfserv.exe,
bin/client.exe). Because the X.509 is not fully understood, I don't know
where the problem is.
My operation steps are as follows:
1. create DB.
2. create one self-signed certificate for CA.
3. create a certifcate request, and sign a certifcate with the CA.
4. run "selfserv"(ssl server) with the first certificate.
5. run "client" (ssl client) with the second certificate.
The console gives me the following error information:
Launched thread in slot 0
Error in function PR_Write: -12276
- Unable to communicate securely with peer: requested domain name does not
match the server's certificate.
Error in function handle_connection: -12276
- Unable to communicate securely with peer: requested domain name does not
match the server's certificate.
Thread in slot 0 returned -1
I don't know the meaning of "domain name" here, could you give me any clue
for me to continue my reading.
Thank you in advance.
kind regards
chenyu
===========================
self-signed cerficate ASCII
C:\Documents and Settings\chenyu>certutil -L -d c:\test -n johnsmith
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2147307083 (0x7ffd4e4b)
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Issuer:
"CN=My Issuer"
Validity:
Not Before: Sun Sep 04 04:15:56 2005
Not After : Sun Dec 04 04:15:56 2005
Subject:
"CN=John"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
96:e4:46:d1:9a:b7:17:15:26:7b:ab:ba:3f:bd:7d:7a:
7e:db:c7:3b:f8:26:0f:f9:24:ed:07:60:af:04:72:8f:
b5:b2:c3:6a:94:22:ae:5d:eb:cc:ee:76:bc:db:3f:d6:
0a:33:d9:f1:6d:db:5e:b4:c9:7e:c9:02:6c:58:23:c0:
f5:79:f9:17:9e:24:61:70:5c:a5:61:e8:58:c8:4e:06:
01:39:b2:67:24:d5:cc:e0:f6:4a:e6:d1:bc:f1:a0:6e:
a6:9c:1b:39:66:40:42:01:94:d2:0a:81:61:32:d1:54:
2f:b9:ab:e1:4c:69:fb:04:e6:32:0e:1f:ce:77:f8:19
Exponent: 65537 (0x10001)
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Signature:
a2:3b:3d:2e:1b:b7:6a:ff:a3:1e:76:d1:c6:1e:a9:fa:
6b:41:5e:b6:7c:da:3f:27:cd:e9:7f:ec:51:97:8d:82:
5e:e9:bc:3f:c4:ff:30:6e:f5:a8:09:ae:0f:47:bd:bf:
fc:79:5b:56:cb:6e:1a:e5:0d:13:11:90:00:5b:e2:14:
82:31:06:da:18:4f:03:8b:57:2d:c4:fe:6d:3f:8c:1e:
1c:61:9b:bc:07:e1:6a:1a:dd:d9:e0:63:43:8f:a8:a5:
af:a1:aa:7e:ca:cf:bf:54:41:6d:2a:1a:24:61:7c:ac:
7d:c2:12:9b:fd:6e:81:b5:ba:72:0a:37:2d:fb:b3:de
Fingerprint (MD5):
AA:9C:DC:38:21:84:8B:CA:7C:74:A4:03:73:7E:CF:22
Fingerprint (SHA1):
4A:9C:77:AC:9A:15:B6:6E:CD:79:87:47:35:EA:05:CE:79:CB:FA:2C
Certificate Trust Flags:
SSL Flags:
Valid Peer
Trusted
User
Email Flags:
Valid CA
Trusted CA
User
Object Signing Flags:
Valid CA
Trusted CA
User
===========================
client certificate
C:\Documents and Settings\chenyu>certutil -L -d c:\test -n myissuer
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1234 (0x4d2)
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Issuer:
"CN=My Issuer"
Validity:
Not Before: Sun Sep 04 04:03:44 2005
Not After : Sun Dec 04 04:03:44 2005
Subject:
"CN=My Issuer"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
b3:fc:84:54:db:40:23:f2:f2:d5:30:19:03:de:ec:53:
51:25:81:f9:58:a2:e4:bf:32:fe:0a:28:ca:0f:81:5c:
a5:c3:fa:81:be:72:4d:c2:a8:80:ca:93:11:44:4f:91:
17:50:d1:07:16:17:0c:b4:e7:42:9c:4f:5d:85:9f:f8:
91:62:bd:6b:18:68:11:4e:f5:54:95:6a:43:67:83:21:
13:ee:83:e8:9c:4d:13:90:f1:96:65:a1:06:25:67:e5:
37:ac:41:bf:ec:87:09:e2:d4:4b:a7:bb:91:33:5e:23:
e8:5a:5a:8e:99:04:bb:ad:a9:a1:84:3d:6d:50:13:87
Exponent: 65537 (0x10001)
Signed Extensions:
Name: Certificate Type
Data: <SSL Client,SSL Server,S/MIME,Object Signing,Reserved,SSL
CA,
/MIME CA,ObjectSigning CA>
Name: Certificate Basic Constraints
Data: Is a CA with a maximum path length of 3.
Name: Certificate Key Usage
Data:
fe
(1 least significant bits unused)
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Signature:
60:a1:0e:cc:92:b4:46:2b:de:93:82:bf:03:a0:b7:dd:
b8:59:0b:20:38:c4:38:4d:f4:b8:bb:d7:a1:ab:c7:ea:
f1:2c:4b:7a:69:21:b6:12:1b:72:73:d0:d9:ab:9c:c1:
ea:41:9a:fa:c9:29:a3:b5:6b:23:c5:12:b4:0b:0a:0c:
a7:90:44:10:2d:4d:f5:0e:e6:6c:b8:8c:f0:e9:1f:4a:
f1:84:d1:f1:21:3a:dc:dd:b3:b8:80:d3:9b:0a:94:6d:
fa:cf:80:86:d0:ae:89:b1:6b:d2:b6:4a:17:0c:8c:9f:
d7:42:42:60:ca:d7:56:87:f2:7b:49:99:1a:e3:f5:5d
Fingerprint (MD5):
0C:3E:1E:D3:A5:88:BC:9B:8B:76:AC:B0:76:8D:19:4B
Fingerprint (SHA1):
F2:1E:EC:8D:70:0F:77:82:CD:0F:6E:89:E3:93:82:E4:BD:6C:CC:04
Certificate Trust Flags:
SSL Flags:
Valid CA
Trusted CA
User
Email Flags:
Valid CA
Trusted CA
User
Object Signing Flags:
Valid CA
Trusted CA
User
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
