Status

NSS
Libraries
RESOLVED INVALID
15 years ago
15 years ago

People

(Reporter: bhargava, Assigned: Wan-Teh Chang)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021212
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021212

Using a cert generated via openssl and after importing the pkcs12 file into
Mozilla, trie dto do client-auth with an Apache server. Failed with browser
reporting error -12195 (error establishing encrypted session..."

Same certs worked fine in Netscape 4.7.4 and IE 6.X

Reproducible: Always

Steps to Reproduce:
1. Generate an openssl client cert as follows -

openssl genrsa -out ya.key 1024
openssl req -new -config ./user.conf -key ya.key -out ya.csr
openssl ca -config ca.conf -out rb.crt -infiles rb.csr # CA sign it
openssl verify -verbose -CAfile ../CA/ca.crt -purpose sslclient rb.crt
openssl pkcs12 -export -in rb.crt -out rb.p12 -inkey rb.key -name "Rose O Donnel
" -password pass:hello -certfile ../CA/ca.crt

2. Import it in Mozilla

3. Try accessing the site

Actual Results:  
Error code -12195 

Expected Results:  
Connected to the site.
According to
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html#1042994
error -12195 means 
"Peer does not recognize and trust the CA that issued your certificate."

In this case, the peer is the SSL server.  It has received your cert and didn't
like it.  It sent back an alert message to the browser saying so.  Maybe you 
forgot to install some intermediate CA certs, or root CA certs in the browser?

In any case, no erroneous behavior of mozilla is demonstrated here.
Severity: blocker → normal
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.