Closed
Bug 1044269
Opened 10 years ago
Closed 10 years ago
sec_error_inadequate_key_usage error triggered by server cert with Certificate Sign among its key usages
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
INVALID
People
(Reporter: smichaud, Unassigned)
References
Details
Attachments
(2 files)
I get this error in recent mozilla-central nightlies visiting a local site in the "private" domain (the site has a private IP address, and is "www.bagend.private"). Neither the CA cert nor the server cert (for www.bagend.private) are expired, and (as best I can tell) both are perfectly well-formed. (I'll attach their public certs later.) I tested with a fresh profile, after having imported the CA's public key into Firefox's list of "Authorities" and trusting it fully (for all three purposes).
Reporter | ||
Comment 1•10 years ago
|
||
Reporter | ||
Comment 2•10 years ago
|
||
Reporter | ||
Comment 3•10 years ago
|
||
In case it's relevant: My server is running the version of Apache that comes bundled with OS X 10.7 Server. It seems properly configured, and works fine with other browsers (e.g. Safari and Chrome) and earlier versions of Firefox.
Comment 4•10 years ago
|
||
First 10,000 view. The server cert is asserting: Certificate Sign in its Key Usages. I am almost certain that this is now considered invalid for end-entities (as a precaution)
Reporter | ||
Comment 5•10 years ago
|
||
Actually this also happens with FF 31. But not with FF 30.
Reporter | ||
Comment 6•10 years ago
|
||
> The server cert is asserting: Certificate Sign in its Key Usages.
OK, I'll try changing that and see what happens. (I'm using openssl utilities to run what I call a "poor man's CA". That gives me full control over the characteristics of the certs I create.)
Reporter | ||
Comment 7•10 years ago
|
||
I tried your suggestion and it worked like a charm. Thanks! A more informative error message would have helped, though.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
Reporter | ||
Updated•10 years ago
|
Summary: Invalid sec_error_inadequate_key_usage error with cert signed by "private" CA → sec_error_inadequate_key_usage error triggered by server cert with Certificate Sign among its key usages
You need to log in
before you can comment on or make changes to this bug.
Description
•