certificate viewer: display more of authority key identifier and subject key identifier extensions
Categories
(Firefox :: Security, enhancement, P5)
Tracking
()
People
(Reporter: it, Unassigned)
References
Details
Attachments
(1 file)
179.66 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0
Steps to reproduce:
View certificates with certain forms of the AuthorityKeyIdentifier X.509 extension, for instance the "Chambers of Commerce Root - 2008" certificate in the default trust store called "Authorities".
Actual results:
For the mentioned certificate the Certificate Authority Key Identifier is shown as
Not Critical
Size: 9 Bytes / 72 Bits
00 a3 da 42 7e a4 b1 ae da
where the authorityCertSerialNumber is shown (with a leading '00' is erroneously shown, see bug 1520923) while the keyIdentifier and the authorityCertIssuer is not shown.
Expected results:
For the mentioned certificate the Certificate Authority Key Identifier should be shown as
Not Critical
Size: 20 Bytes / 160 Bits
f9 24 ac 0f b2 b5 f8 79 c0 fa 60 88 1b c4 d9 4d
02 9e 17 19
authorityCertIssuer: /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008
authorityCertSerialNumber: A3:DA:42:7E:A4:B1:AE:DA
Reporter | ||
Updated•6 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Comment 1•2 years ago
|
||
This looks fine in the new certificate viewer.
Comment hidden (abuse-reviewed) |
Reporter | ||
Updated•1 year ago
|
Reporter | ||
Comment 3•1 year ago
|
||
OpenSSL correctly shows the Authority Key ID as follows:
X509v3 Authority Key Identifier:
keyid:F9:24:AC:0F:B2:B5:F8:79:C0:FA:60:88:1B:C4:D9:4D:02:9E:17:19
DirName:/C=EU/L=Madrid (see current address at www.camerfirma.com\/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008
serial:A3:DA:42:7E:A4:B1:AE:DA
while Mozilla just shows:
Key ID: F9:24:AC:0F:B2:B5:F8:79:C0:FA:60:88:1B:C4:D9:4D:02:9E:17:19
Comment 4•1 year ago
|
||
This is a reminder that Bugzilla is our professional working environment as much as it is our issue tracker, and that personal attacks directed at our colleagues, as well resetting issue resolution flags because you disagree with a decision, are not acceptable uses of Bugzilla.
Please take a moment to review our community participation and Bugzilla etiquette guidelines if you intend to continue contributing to this or other issues.
Reporter | ||
Comment 5•1 year ago
|
||
Would you be so kind and provide a screenshot of the certificate viewer output for the above example cert,
to justify your WORKSFORME move.
Comment 6•1 year ago
|
||
If you open the Certificate Manager in a current Firefox and double click (or select "view" for) the certificate in question, you will see detailed information about certificate and its issuer, including the information you've described above and links to the issuer's policies.
It is true that the URL provided for the issuer's address - www.camerfirma.com/address - is a 404 at the moment, though that is a server-side issue that doesn't impact the integrity of the certificate. I've brought that to the attention of our team to pass on to the authority in question.
Reporter | ||
Comment 7•1 year ago
|
||
As I mentioned yesterday, the issue is still not solved, despite wrong claims made by two Mozilla people.
See screenshot attached, taken with the latest Firefox available for download: 112.0.2.
Therefore, reopening the bug report for the 2nd time.
Reporter | ||
Comment 8•1 year ago
|
||
As mentioned, the issue is still not solved, despite wrong claims made by two Mozilla people.
See screenshot attached, taken with the latest Firefox available for download: 112.0.2.
There
Reporter | ||
Comment 9•1 year ago
|
||
Since you censored my first message of yesterday, here is again the technical essence.
For the example cert that I mentioned,
Serial Number: A82743287
Organization: AC Camerfirma S.A.
Common Name: Chambers of Commerce Root - 2008
in the Miscellaneous section, it still says:
Serial Number: 00:A3:DA:42:7E:A4:B1:AE:DA
rather than A3:DA:42:7E:A4:B1:AE:DA
Moreover, as I wrote in my subsequent message,
the X509v3 Authority Key Identifier output contains just
keyid:F9:24:AC:0F:B2:B5:F8:79:C0:FA:60:88:1B:C4:D9:4D:02:9E:17:19
while not showing the further fields
DirName:/C=EU/L=Madrid (see current address at www.camerfirma.com\/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008
serial:A3:DA:42:7E:A4:B1:AE:DA
Updated•1 year ago
|
Description
•