[Muscle] Loading an OpenCA (0.9.3-rc1)-generated cert on MuscleCard CFlex e-gate, and Firefox (2.0.0.4) does not show as owners certificate

Tue, 20 Nov 2007 08:06:19 -0800 

Hi at muscle,
I'm trying to set up a test card for developing a client SSL authentication app. But this time the above mentioned combination does not work. FF ist stupidly(?) refusing to display and use the tokens cert as an owner cert, and thus not offering it for S/MIME signing or SSL client-cert authentication. OpenCA's signing CA cert has been imported onto the software token of FF and trusted for all available choices. After all, the cert on the card is shown as other peoples's cert. 
Did MUSCLE's PKCS11 and NSS token manager stop working together?
Has somebody seen this behaviour before, or can even tell what's wrong here?

Thank you in advance

Martin

> openssl x509 -in C0.der -inform DER -text -noout

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7 (0x7)
        Signature Algorithm: sha1WithRSAEncryption
Issuer: C=DE, O=xxx, OU=EP, CN=Martin Buechler/[EMAIL PROTECTED] 
        Validity
            Not Before: Nov 20 12:19:51 2007 GMT
            Not After : Nov 19 12:19:51 2008 GMT
Subject: C=DE, O=xxx, OU=Employees, CN=Martin Buechler/serialNumber=7 
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:cd:84:cf:7f:a9:34:72:72:2a:d5:53:9a:33:d6:
                    fa:b6:db:ce:34:e1:5c:49:1c:ee:f6:64:1d:9d:e2:
                    57:43:ee:98:a2:bd:82:bb:58:59:71:fa:97:e7:1c:
                    18:30:f2:3b:70:da:99:76:b9:57:c9:c0:5c:21:9c:
                    a8:70:e1:28:6b:e7:b9:d4:4c:3b:25:71:a9:59:2c:
                    5e:4b:c5:f1:65:76:a3:2e:b1:ea:d6:00:c3:7d:1e:
                    96:9f:5d:f8:b4:ee:ea:68:06:27:09:1e:2c:5c:f2:
                    97:30:bd:f5:b0:5f:0c:05:93:c7:4e:6c:ed:e8:d2:
                    61:c8:1c:11:7b:f0:e7:6b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Certificate Policies:
                Policy: 1.2.3.3.4
                Policy: 1.2.3.3.5
                Policy: 1.2.3.3.6
                Policy: 1.2.3.3.7
                  CPS: http://some.url.org/cps

            Netscape Cert Type:
                SSL Client, S/MIME
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
TLS Web Client Authentication, E-mail Protection, Microsoft Smartcardlogin 
            Netscape Comment:
                User Certificate of xxx
            X509v3 Subject Key Identifier:
                E8:9D:72:44:82:1E:E7:BD:92:78:C1:7A:AB:F9:FA:4C:C1:B8:9C:10
            X509v3 Authority Key Identifier:

keyid:C1:0A:25:6F:C0:FB:46:DA:6B:9B:85:2A:75:B6:AF:75:37:A1:3D:36
DirName:/C=DE/O=xxx/OU=EP/CN=Martin Buechler/[EMAIL PROTECTED] 
                serial:A4:A3:47:0A:CD:9F:28:26

            X509v3 Subject Alternative Name:
                email:[EMAIL PROTECTED]
            X509v3 Issuer Alternative Name:
                email:[EMAIL PROTECTED]
            Netscape CA Revocation Url:
                http:///pub/crl/cacrl.crl
            Netscape Revocation Url:
                http:///pub/crl/cacrl.crl
            X509v3 CRL Distribution Points:
                URI:http:///pub/crl/cacrl.crl

    Signature Algorithm: sha1WithRSAEncryption
        0d:f7:d1:7c:81:66:ae:7f:3c:72:d5:38:e1:a3:6a:dc:8b:2f:
        ab:9b:19:2e:94:0a:3d:d0:5c:35:a8:78:b8:0e:f6:0d:bc:91:
        87:48:a7:1f:81:6e:54:95:84:ba:13:e0:ec:3d:8a:8c:c4:55:
        9a:eb:f5:90:e8:af:ec:15:99:a3:5b:73:83:68:93:3b:3d:e1:
        c3:7b:83:d1:da:d2:5d:c3:06:9e:f5:a3:36:f5:4e:fd:c1:aa:
        17:f8:94:a6:16:92:9c:9a:ab:50:4e:8f:0e:6f:ca:77:b4:51:
        49:2b:c2:c0:c6:e0:42:f7:3f:d3:93:1e:75:53:2f:44:08:de:
        4f:69:7f:31:a8:5b:5a:26:0e:4e:80:f0:17:2d:16:9c:a0:88:
        7a:d2:d6:eb:f5:e5:1a:1a:3a:1e:b1:12:fb:b7:05:e1:3b:6b:
        99:32:25:e3:f0:3b:4a:eb:2c:0a:ac:c5:1d:99:54:00:04:07:
        b5:05:be:ca:be:de:36:65:f0:ac:9f:95:a3:3a:6e:ae:57:25:
        64:5d:de:5b:d8:b0:8c:91:d5:4e:5a:1d:8f:11:8e:de:58:5d:
        4f:bf:10:0e:6a:95:39:f2:34:28:ac:11:81:85:0f:27:f4:8c:
        e1:7d:58:0a:01:e5:13:f3:c3:38:9d:a5:ac:03:a0:04:d6:36:
        d6:3e:64:ef:c7:56:c5:1b:30:d2:71:1b:fe:51:52:b1:cf:57:
        a1:20:57:e4:51:7d:57:05:56:a7:a0:e4:8c:ef:11:a3:10:03:
        e7:62:ed:6e:26:66:39:13:9b:d2:05:dd:2d:44:7c:d9:5a:3f:
        e8:b4:b8:90:a5:2e:5e:97:89:34:dc:5a:c5:59:99:35:36:39:
        ca:6d:63:4e:19:ad:30:db:62:18:db:ea:f1:ed:68:48:24:5c:
        2b:bf:a8:97:50:6d:5d:81:ef:a2:f9:2d:30:be:e6:54:6b:cc:
        5b:e8:4a:ce:dc:ca:54:e5:fb:01:66:5e:d7:eb:db:4e:2a:92:
        ad:11:bf:9f:86:74:ab:e5:99:1c:bf:4d:a0:fa:4d:8c:6e:35:
        68:df:05:8e:22:76:cc:f4:ef:f1:a5:ab:20:64:3e:33:c5:a7:
        2d:fe:0c:9e:35:ca:63:19:6d:92:bf:82:2a:6a:88:bb:6e:7f:
        38:15:e1:d6:01:23:b4:b8:cd:21:7d:aa:cf:a7:c9:5e:88:e0:
        34:3e:4f:ee:2f:97:9a:df:33:bb:ee:fc:a6:3f:d5:86:31:a4:
        52:7c:6d:0f:ad:a8:30:12:b1:be:23:b9:d7:11:6c:9f:a2:9c:
        1e:1d:c0:ab:b8:72:2a:2b:77:45:d9:af:2d:a3:e2:71:08:9c:
        87:ff:f5:90:93:38:89:22


_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle

Reply via email to