Hi Fabio,
You are aware that certificates issued by a openxPKI is generally not trusted?
You have to do this manually.
Have you imported the root certificate in your trusted certificate store on the
client?
Have you configured the webserver to deliver the issuing CA (if there is any)
together with the end entity certificate?
You need to make sure that the client has the root ca trusted and the chain to
the end entity certificate can be completed by the client.
Klaus
Von: Fabio Strada [mailto:[email protected]]
Gesendet: Freitag, 28. Juli 2017 11:06
An: [email protected]
Betreff: [OpenXPKI-users] NET::ERR_CERT_INVALID
Hi,
I've the problem to use the certficates generated by openxpki.
I made these steps to generate the certificate using openxpki:
1) Login with raop user to the site http://localhost/openxpki
2) Request -> Request certificate, Select TLS Client and press "continue" button
3) Click on "Generate key on server" button
4) Select
- Key Algorithm: RSA
- Key Encryption Method: AES 256 bit
- Key length: 2048 bit
- Password Method: Generate password on server
Press continue and generate password.
5) Into Edit Subject Form, I specified:
- Hostname: www.forensor.com <http://www.mysite.com>
- Application Name: scep
6) Into Edit Certificate Info Form, I specified my firstname, lastname, Email
address and affilation System Owner
7) Into "Review request" Form, I press "Submit request" button
8) Into "Request awaits approval" Form, I press "Approve Request"
After these steps, I downloaded the following files:
- .crt certificate
- .key keyword
- PEM bundle
I used this file into my nodejs server:
var https = require("https");
var fs = require("fs");
var options = {
ca: fs.readFileSync('www.forensor.com-scep.bundle'),
key: fs.readFileSync('www.forensor.com-scep.key'),
cert: fs.readFileSync('www.forensor.com-scep.crt'),
passphrase: 'DfgdfYREsasrer83Ss.45sdas'
};
var server = https.createServer(options, function(request, response){
response.writeHead(200, {"Content-Type": "text/html"});
response..write("<html>");
response.write("<head>");
response.write("<title>Hello World Page</title>");
response.write("</head>");
response.write("<body>");
response.write("Hello World!");
response.write("</body>");
response.write("</html>");
response.end();
});
server.listen(443, 'localhost');
console.log("Server is listening");
Unfortunately, The browser responded with this error: NET::ERR_CERT_INVALID
Furthermore, the site is not "secure":
Immagine incorporata 2
I expect this behavior:
Immagine incorporata 3
Where is the problem????
Is my procedure correct? Is the certficates generated by openxpki secure???
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
