User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021212 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021212 Using a cert generated via openssl and after importing the pkcs12 file into Mozilla, trie dto do client-auth with an Apache server. Failed with browser reporting error -12195 (error establishing encrypted session..." Same certs worked fine in Netscape 4.7.4 and IE 6.X Reproducible: Always Steps to Reproduce: 1. Generate an openssl client cert as follows - openssl genrsa -out ya.key 1024 openssl req -new -config ./user.conf -key ya.key -out ya.csr openssl ca -config ca.conf -out rb.crt -infiles rb.csr # CA sign it openssl verify -verbose -CAfile ../CA/ca.crt -purpose sslclient rb.crt openssl pkcs12 -export -in rb.crt -out rb.p12 -inkey rb.key -name "Rose O Donnel " -password pass:hello -certfile ../CA/ca.crt 2. Import it in Mozilla 3. Try accessing the site Actual Results: Error code -12195 Expected Results: Connected to the site.
According to http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html#1042994 error -12195 means "Peer does not recognize and trust the CA that issued your certificate." In this case, the peer is the SSL server. It has received your cert and didn't like it. It sent back an alert message to the browser saying so. Maybe you forgot to install some intermediate CA certs, or root CA certs in the browser? In any case, no erroneous behavior of mozilla is demonstrated here.
Severity: blocker → normal
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.