Here are the differences found:

   MY CERT                       |   VERISIGN

1) 1024-bit                      |   1) 512-bit

2) serial no. 0                  |   2) serial no. 52:a9:f4:24:da:67:4c:9d:af:4f:53:78:52:ab:ef:6e

3) has C,L,ST,O,OU,CN            |   3) has O,OU,OU only

4) has the x509 v3 extension     |   4) does not have any x509 v3 extensions

What I did was remove the last differences, but it still did not work.

The ASN.1 for both certificates, obtained by using openssl asn1parse, is given below.
But not many differences were found:

For verisign certificate:

    0:d=0  hl=4 l= 589 cons: SEQUENCE
    4:d=1  hl=4 l= 503 cons: SEQUENCE
    8:d=2  hl=2 l=  16 prim: INTEGER           :52A9F424DA674C9DAF4F537852ABEF6E
   26:d=2  hl=2 l=  13 cons: SEQUENCE
   28:d=3  hl=2 l=   9 prim: OBJECT            :md5WithRSAEncryption
   39:d=3  hl=2 l=   0 prim: NULL
   41:d=2  hl=3 l= 169 cons: SEQUENCE
   44:d=3  hl=2 l=  22 cons: SET
   46:d=4  hl=2 l=  20 cons: SEQUENCE
   48:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   53:d=5  hl=2 l=  13 prim: PRINTABLESTRING   :VeriSign, Inc
   68:d=3  hl=2 l=  71 cons: SET
   70:d=4  hl=2 l=  69 cons: SEQUENCE
   72:d=5  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
   77:d=5  hl=2 l=  62 prim: PRINTABLESTRING   :www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD.
  141:d=3  hl=2 l=  70 cons: SET
  143:d=4  hl=2 l=  68 cons: SEQUENCE
  145:d=5  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
  150:d=5  hl=2 l=  61 prim: PRINTABLESTRING   :For VeriSign authorized testing only. No assurances (C)VS1997
  213:d=2  hl=2 l=  30 cons: SEQUENCE
  215:d=3  hl=2 l=  13 prim: UTCTIME           :980607000000Z
  230:d=3  hl=2 l=  13 prim: UTCTIME           :060606235959Z
  245:d=2  hl=3 l= 169 cons: SEQUENCE
  248:d=3  hl=2 l=  22 cons: SET
  250:d=4  hl=2 l=  20 cons: SEQUENCE
  252:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
  257:d=5  hl=2 l=  13 prim: PRINTABLESTRING   :VeriSign, Inc
  272:d=3  hl=2 l=  71 cons: SET
  274:d=4  hl=2 l=  69 cons: SEQUENCE
  276:d=5  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
  281:d=5  hl=2 l=  62 prim: PRINTABLESTRING   :www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD.
  345:d=3  hl=2 l=  70 cons: SET
  347:d=4  hl=2 l=  68 cons: SEQUENCE
  349:d=5  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
  354:d=5  hl=2 l=  61 prim: PRINTABLESTRING   :For VeriSign authorized testing only. No assurances (C)VS1997
  417:d=2  hl=2 l=  92 cons: SEQUENCE
  419:d=3  hl=2 l=  13 cons: SEQUENCE
  421:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
  432:d=4  hl=2 l=   0 prim: NULL
  434:d=3  hl=2 l=  75 prim: BIT STRING
  511:d=1  hl=2 l=  13 cons: SEQUENCE
  513:d=2  hl=2 l=   9 prim: OBJECT            :md5WithRSAEncryption
  524:d=2  hl=2 l=   0 prim: NULL
  526:d=1  hl=2 l=  65 prim: BIT STRING

For my certificate:

    0:d=0  hl=4 l= 875 cons: SEQUENCE
    4:d=1  hl=4 l= 724 cons: SEQUENCE                 
    8:d=2  hl=2 l=   3 cons: cont [ 0 ]               
   10:d=3  hl=2 l=   1 prim: INTEGER           :02    
   13:d=2  hl=2 l=   1 prim: INTEGER           :00    
   16:d=2  hl=2 l=  13 cons: SEQUENCE                 
   18:d=3  hl=2 l=   9 prim: OBJECT            :md5WithRSAEncryption
   29:d=3  hl=2 l=   0 prim: NULL                     
   31:d=2  hl=3 l= 134 cons: SEQUENCE                 
   34:d=3  hl=2 l=  11 cons: SET                      
   36:d=4  hl=2 l=   9 cons: SEQUENCE                 
   38:d=5  hl=2 l=   3 prim: OBJECT            :countryName
   43:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :IN
   47:d=3  hl=2 l=  20 cons: SET                      
   49:d=4  hl=2 l=  18 cons: SEQUENCE                 
   51:d=5  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
   56:d=5  hl=2 l=  11 prim: PRINTABLESTRING   :MAHARASHTRA
   69:d=3  hl=2 l=  15 cons: SET                      
   71:d=4  hl=2 l=  13 cons: SEQUENCE                 
   73:d=5  hl=2 l=   3 prim: OBJECT            :localityName
   78:d=5  hl=2 l=   6 prim: PRINTABLESTRING   :MUMBAI
   86:d=3  hl=2 l=  12 cons: SET                      
   88:d=4  hl=2 l=  10 cons: SEQUENCE                 
   90:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   95:d=5  hl=2 l=   3 prim: PRINTABLESTRING   :TCS
  100:d=3  hl=2 l=  12 cons: SET                      
  102:d=4  hl=2 l=  10 cons: SEQUENCE                 
  104:d=5  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
  109:d=5  hl=2 l=   3 prim: PRINTABLESTRING   :CSP
  114:d=3  hl=2 l=  15 cons: SET                      
  116:d=4  hl=2 l=  13 cons: SEQUENCE                 
  118:d=5  hl=2 l=   3 prim: OBJECT            :commonName
  123:d=5  hl=2 l=   6 prim: PRINTABLESTRING   :KMS CA
  131:d=3  hl=2 l=  35 cons: SET                      
  133:d=4  hl=2 l=  33 cons: SEQUENCE                 
  135:d=5  hl=2 l=   9 prim: OBJECT            :emailAddress
  146:d=5  hl=2 l=  20 prim: IA5STRING         :[EMAIL PROTECTED]
  168:d=2  hl=2 l=  30 cons: SEQUENCE                 
  170:d=3  hl=2 l=  13 prim: UTCTIME           :011109062441Z
  185:d=3  hl=2 l=  13 prim: UTCTIME           :040805062441Z
  200:d=2  hl=3 l= 134 cons: SEQUENCE                 
  203:d=3  hl=2 l=  11 cons: SET                      
  205:d=4  hl=2 l=   9 cons: SEQUENCE                 
  207:d=5  hl=2 l=   3 prim: OBJECT            :countryName
  212:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :IN
  216:d=3  hl=2 l=  20 cons: SET
  218:d=4  hl=2 l=  18 cons: SEQUENCE
  220:d=5  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
  225:d=5  hl=2 l=  11 prim: PRINTABLESTRING   :MAHARASHTRA
  238:d=3  hl=2 l=  15 cons: SET
  240:d=4  hl=2 l=  13 cons: SEQUENCE
  242:d=5  hl=2 l=   3 prim: OBJECT            :localityName
  247:d=5  hl=2 l=   6 prim: PRINTABLESTRING   :MUMBAI
  255:d=3  hl=2 l=  12 cons: SET
  257:d=4  hl=2 l=  10 cons: SEQUENCE
  259:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
  264:d=5  hl=2 l=   3 prim: PRINTABLESTRING   :TCS
  269:d=3  hl=2 l=  12 cons: SET
  271:d=4  hl=2 l=  10 cons: SEQUENCE
  273:d=5  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
  278:d=5  hl=2 l=   3 prim: PRINTABLESTRING   :CSP
  283:d=3  hl=2 l=  15 cons: SET
  285:d=4  hl=2 l=  13 cons: SEQUENCE
  287:d=5  hl=2 l=   3 prim: OBJECT            :commonName
  292:d=5  hl=2 l=   6 prim: PRINTABLESTRING   :KMS CA
  300:d=3  hl=2 l=  35 cons: SET
  302:d=4  hl=2 l=  33 cons: SEQUENCE
  304:d=5  hl=2 l=   9 prim: OBJECT            :emailAddress
  315:d=5  hl=2 l=  20 prim: IA5STRING         :[EMAIL PROTECTED]
  337:d=2  hl=3 l= 159 cons: SEQUENCE
  340:d=3  hl=2 l=  13 cons: SEQUENCE
  342:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
  353:d=4  hl=2 l=   0 prim: NULL
  355:d=3  hl=3 l= 141 prim: BIT STRING
  499:d=2  hl=3 l= 230 cons: cont [ 3 ]
  502:d=3  hl=3 l= 227 cons: SEQUENCE
  505:d=4  hl=2 l=  29 cons: SEQUENCE
  507:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
  512:d=5  hl=2 l=  22 prim: OCTET STRING
  536:d=4  hl=3 l= 179 cons: SEQUENCE
  539:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
  544:d=5  hl=3 l= 171 prim: OCTET STRING
  718:d=4  hl=2 l=  12 cons: SEQUENCE
  720:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
  725:d=5  hl=2 l=   5 prim: OCTET STRING
  732:d=1  hl=2 l=  13 cons: SEQUENCE
  734:d=2  hl=2 l=   9 prim: OBJECT            :md5WithRSAEncryption
  745:d=2  hl=2 l=   0 prim: NULL
  747:d=1  hl=3 l= 129 prim: BIT STRING



Geoff Thorpe wrote:
On Tuesday 20 November 2001 00:20, viswanath wrote:
But the self signed certificate that has been generated contains the
following

X509v3 Basic Constraints:
CA:TRUE
X509v3 Key Usage:
Certificate Sign, CRL Sign
Netscape Cert Type:
SSL CA, S/MIME CA, Object Signing CA

which means that it is a CA certificate.
So what else could be the problem.

Can you give us a side-by-side of the differences between the CA cert that
was imported OK and the CA cert you can't get imported? Logic (or a
first-order approximation thereof) tells me that's where you should find
your answer ... though of course it could be something like the way the
strings are encoded rather than the nature of the attributes.

Perhaps "openssl asn1parse -i" the two and take a look at what kind of
differences you find?

Cheers,
Geoff


______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
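The side-by-side comparison suggested in the thread can be done mechanically instead of by eye. The following is an added example, not part of the original messages and not OpenSSL code: it reduces `openssl asn1parse` output to the fields that differ structurally (version, serial, DN attribute and string type, public-key BIT STRING length, extension OIDs). The names `summarize` and `diff` are hypothetical, and the two inputs are abbreviated excerpts of the dumps above.

```python
import re

# One asn1parse line: offset:d=depth hl=.. l=length cons|prim: TAG [:value]
LINE = re.compile(r"\s*\d+:d=\s*(\d+)\s+hl=\s*\d+\s+l=\s*(\d+)\s+"
                  r"(?:cons|prim):\s+([^:]*?)\s*(?::(.*))?$")
# Abbreviated excerpts of the two dumps above (lines dropped, none altered).
VERISIGN = """\
    8:d=2  hl=2 l=  16 prim: INTEGER           :52A9F424DA674C9DAF4F537852ABEF6E
   48:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   53:d=5  hl=2 l=  13 prim: PRINTABLESTRING   :VeriSign, Inc
  434:d=3  hl=2 l=  75 prim: BIT STRING
"""
MINE = """\
    8:d=2  hl=2 l=   3 cons: cont [ 0 ]
   10:d=3  hl=2 l=   1 prim: INTEGER           :02
   13:d=2  hl=2 l=   1 prim: INTEGER           :00
  135:d=5  hl=2 l=   9 prim: OBJECT            :emailAddress
  146:d=5  hl=2 l=  20 prim: IA5STRING         :[EMAIL PROTECTED]
  355:d=3  hl=3 l= 141 prim: BIT STRING
  499:d=2  hl=3 l= 230 cons: cont [ 3 ]
  720:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
  734:d=2  hl=2 l=   9 prim: OBJECT            :md5WithRSAEncryption
"""

def summarize(dump):
    """Reduce asn1parse output to the certificate fields worth comparing."""
    nodes = [(int(m[1]), m[3], (m[4] or "").strip(), int(m[2]))
             for m in map(LINE.match, dump.splitlines()) if m]
    s = {"version": 1, "serial": None, "dn": set(), "key_len": None, "extensions": []}
    in_ext = False
    for i, (depth, tag, value, length) in enumerate(nodes):
        if depth == 2 and tag.startswith("cont [ 3"):
            in_ext = True                        # [3] wraps the v3 extensions
        elif depth == 3 and tag == "INTEGER":
            s["version"] = int(value, 16) + 1    # inside [0]; field absent means v1
        elif depth == 2 and tag == "INTEGER":
            s["serial"] = value
        elif depth == 3 and tag == "BIT STRING":
            s["key_len"] = length                # subjectPublicKey; grows with key size
        elif depth == 5 and tag == "OBJECT" and in_ext:
            s["extensions"].append(value)        # extension OID name
        elif depth == 5 and tag == "OBJECT" and i + 1 < len(nodes):
            s["dn"].add((value, nodes[i + 1][1]))  # attribute + its string type
    return s

def diff(a, b):
    """Return {field: (value_in_a, value_in_b)} for every field that differs."""
    sa, sb = summarize(a), summarize(b)
    return {k: (sa[k], sb[k]) for k in sa if sa[k] != sb[k]}
```

Run on the full dumps, `diff` also reports the version field: the VeriSign certificate carries no `cont [ 0 ]` element, while the other one declares version value 02.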




