hi, I have read the one previous post "question on SSL sample code" of the group in the google. It provides important reference to http://www.mozilla.org/projects/security/pki/nss/ref/ssl/, which contains the important information.
"There's a chapter entitled "Getting Started With SSL" that explains how to setup the DBs specifically for the sample client and server. " I think I can solve the problem now. Thank you for your attention. kind regards chenyu "chenyu" <[EMAIL PROTECTED]> дÈëÓʼþ news:[EMAIL PROTECTED] > Hi, > I try to run the NSS security tool (ssl test tools) (bin/selfserv.exe, > bin/client.exe). Because the X.509 is not fully understood, I don't know > where the problem is. > > My operation steps are as follows: > 1. create DB. > 2. create one self-signed certificate for CA. > 3. create a certifcate request, and sign a certifcate with the CA. > 4. run "selfserv"(ssl server) with the first certificate. > 5. run "client" (ssl client) with the second certificate. > > The console gives me the following error information: > Launched thread in slot 0 > Error in function PR_Write: -12276 > - Unable to communicate securely with peer: requested domain name does not > match the server's certificate. > Error in function handle_connection: -12276 > - Unable to communicate securely with peer: requested domain name does not > match the server's certificate. > Thread in slot 0 returned -1 > > I don't know the meaning of "domain name" here, could you give me any clue > for me to continue my reading. > > > > Thank you in advance. > kind regards > chenyu > > > =========================== > self-signed cerficate ASCII > > C:\Documents and Settings\chenyu>certutil -L -d c:\test -n johnsmith > Certificate: > Data: > Version: 3 (0x2) > Serial Number: 2147307083 (0x7ffd4e4b) > Signature Algorithm: PKCS #1 MD5 With RSA Encryption > Issuer: > "CN=My Issuer" > Validity: > Not Before: Sun Sep 04 04:15:56 2005 > Not After : Sun Dec 04 04:15:56 2005 > Subject: > "CN=John" > Subject Public Key Info: > Public Key Algorithm: PKCS #1 RSA Encryption > RSA Public Key: > Modulus: > 96:e4:46:d1:9a:b7:17:15:26:7b:ab:ba:3f:bd:7d:7a: > 7e:db:c7:3b:f8:26:0f:f9:24:ed:07:60:af:04:72:8f: > b5:b2:c3:6a:94:22:ae:5d:eb:cc:ee:76:bc:db:3f:d6: > 0a:33:d9:f1:6d:db:5e:b4:c9:7e:c9:02:6c:58:23:c0: > f5:79:f9:17:9e:24:61:70:5c:a5:61:e8:58:c8:4e:06: > 01:39:b2:67:24:d5:cc:e0:f6:4a:e6:d1:bc:f1:a0:6e: > a6:9c:1b:39:66:40:42:01:94:d2:0a:81:61:32:d1:54: > 2f:b9:ab:e1:4c:69:fb:04:e6:32:0e:1f:ce:77:f8:19 > Exponent: 65537 (0x10001) > Signature Algorithm: PKCS #1 MD5 With RSA Encryption > Signature: > a2:3b:3d:2e:1b:b7:6a:ff:a3:1e:76:d1:c6:1e:a9:fa: > 6b:41:5e:b6:7c:da:3f:27:cd:e9:7f:ec:51:97:8d:82: > 5e:e9:bc:3f:c4:ff:30:6e:f5:a8:09:ae:0f:47:bd:bf: > fc:79:5b:56:cb:6e:1a:e5:0d:13:11:90:00:5b:e2:14: > 82:31:06:da:18:4f:03:8b:57:2d:c4:fe:6d:3f:8c:1e: > 1c:61:9b:bc:07:e1:6a:1a:dd:d9:e0:63:43:8f:a8:a5: > af:a1:aa:7e:ca:cf:bf:54:41:6d:2a:1a:24:61:7c:ac: > 7d:c2:12:9b:fd:6e:81:b5:ba:72:0a:37:2d:fb:b3:de > Fingerprint (MD5): > AA:9C:DC:38:21:84:8B:CA:7C:74:A4:03:73:7E:CF:22 > Fingerprint (SHA1): > 4A:9C:77:AC:9A:15:B6:6E:CD:79:87:47:35:EA:05:CE:79:CB:FA:2C > > Certificate Trust Flags: > SSL Flags: > Valid Peer > Trusted > User > Email Flags: > Valid CA > Trusted CA > User > Object Signing Flags: > Valid CA > Trusted CA > User > > > =========================== > client certificate > > C:\Documents and Settings\chenyu>certutil -L -d c:\test -n myissuer > Certificate: > Data: > Version: 3 (0x2) > Serial Number: 1234 (0x4d2) > Signature Algorithm: PKCS #1 MD5 With RSA Encryption > Issuer: > "CN=My Issuer" > Validity: > Not Before: Sun Sep 04 04:03:44 2005 > Not After : Sun Dec 04 04:03:44 2005 > Subject: > "CN=My Issuer" > Subject Public Key Info: > Public Key Algorithm: PKCS #1 RSA Encryption > RSA Public Key: > Modulus: > b3:fc:84:54:db:40:23:f2:f2:d5:30:19:03:de:ec:53: > 51:25:81:f9:58:a2:e4:bf:32:fe:0a:28:ca:0f:81:5c: > a5:c3:fa:81:be:72:4d:c2:a8:80:ca:93:11:44:4f:91: > 17:50:d1:07:16:17:0c:b4:e7:42:9c:4f:5d:85:9f:f8: > 91:62:bd:6b:18:68:11:4e:f5:54:95:6a:43:67:83:21: > 13:ee:83:e8:9c:4d:13:90:f1:96:65:a1:06:25:67:e5: > 37:ac:41:bf:ec:87:09:e2:d4:4b:a7:bb:91:33:5e:23: > e8:5a:5a:8e:99:04:bb:ad:a9:a1:84:3d:6d:50:13:87 > Exponent: 65537 (0x10001) > Signed Extensions: > Name: Certificate Type > Data: <SSL Client,SSL Server,S/MIME,Object Signing,Reserved,SSL > CA, > /MIME CA,ObjectSigning CA> > > Name: Certificate Basic Constraints > Data: Is a CA with a maximum path length of 3. > > Name: Certificate Key Usage > Data: > fe > (1 least significant bits unused) > > Signature Algorithm: PKCS #1 MD5 With RSA Encryption > Signature: > 60:a1:0e:cc:92:b4:46:2b:de:93:82:bf:03:a0:b7:dd: > b8:59:0b:20:38:c4:38:4d:f4:b8:bb:d7:a1:ab:c7:ea: > f1:2c:4b:7a:69:21:b6:12:1b:72:73:d0:d9:ab:9c:c1: > ea:41:9a:fa:c9:29:a3:b5:6b:23:c5:12:b4:0b:0a:0c: > a7:90:44:10:2d:4d:f5:0e:e6:6c:b8:8c:f0:e9:1f:4a: > f1:84:d1:f1:21:3a:dc:dd:b3:b8:80:d3:9b:0a:94:6d: > fa:cf:80:86:d0:ae:89:b1:6b:d2:b6:4a:17:0c:8c:9f: > d7:42:42:60:ca:d7:56:87:f2:7b:49:99:1a:e3:f5:5d > Fingerprint (MD5): > 0C:3E:1E:D3:A5:88:BC:9B:8B:76:AC:B0:76:8D:19:4B > Fingerprint (SHA1): > F2:1E:EC:8D:70:0F:77:82:CD:0F:6E:89:E3:93:82:E4:BD:6C:CC:04 > > Certificate Trust Flags: > SSL Flags: > Valid CA > Trusted CA > User > Email Flags: > Valid CA > Trusted CA > User > Object Signing Flags: > Valid CA > Trusted CA > User > > > > > > > > > > _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
