Re: Suspicious Cert - Nokia cell phone refuses to accept the Cert
Am 14.10.2010 01:58, Mounir IDRASSI schrieb: > Hi Stefan, > > The value of the Basic Constraint extension of this website self-signed > certificate is "End Entity" and, more importantly, it is set to > Critical. So, technically speaking, this certificate can not be a CA and > it can't certify itself. > The Nokia implementation seems to be strict compared with others but it > can't be blamed for checking the correctness of a certificate. > The administrators of this website can solve this issue by creating a > new certificate without the Basic Constraint extension. A more clean > solution would be to a have the server's certificate issued by a root CA > of their own, like in any normal PKI architecture. Thank you for the informations. Stefan -- Stefan Bauer - PGP: 36D1 1570 DCAD B767 EABE F60D 6BCA 7AD4 79EB C4EC plzk.de - Linux - because it works -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Suspicious Cert - Nokia cell phone refuses to accept the Cert
Hi Stefan, The value of the Basic Constraint extension of this website self-signed certificate is "End Entity" and, more importantly, it is set to Critical. So, technically speaking, this certificate can not be a CA and it can't certify itself. The Nokia implementation seems to be strict compared with others but it can't be blamed for checking the correctness of a certificate. The administrators of this website can solve this issue by creating a new certificate without the Basic Constraint extension. A more clean solution would be to a have the server's certificate issued by a root CA of their own, like in any normal PKI architecture. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 10/13/2010 7:11 PM, Stefan Bauer wrote: Dear Openssl-Users, i recently came across a problem with the offered ssl-cert on www.mastersnet.de It's a self signed cert and all of the nokia cell phones, i get my hands on refuse to accept this cert when trying to import it manually in the cert store. It is working without problems for example with a signed cert from cacert (where the root-CA-cert is also not in the default cert store) I'm asking for your help hereby, if some of you could please have a look at this cert and tell me, if there is something suspicous, leading to the reported problem. It might be a bug in the nokia cell phones. It's working with iPhone or windows mobile devices. Thanks in advance Stefan __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Suspicious Cert - Nokia cell phone refuses to accept the Cert
Dear Openssl-Users, i recently came across a problem with the offered ssl-cert on www.mastersnet.de It's a self signed cert and all of the nokia cell phones, i get my hands on refuse to accept this cert when trying to import it manually in the cert store. It is working without problems for example with a signed cert from cacert (where the root-CA-cert is also not in the default cert store) I'm asking for your help hereby, if some of you could please have a look at this cert and tell me, if there is something suspicous, leading to the reported problem. It might be a bug in the nokia cell phones. It's working with iPhone or windows mobile devices. Thanks in advance Stefan -- Stefan Bauer - PGP: 36D1 1570 DCAD B767 EABE F60D 6BCA 7AD4 79EB C4EC plzk.de - Linux - because it works -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
