Closed Bug 186709 Opened 22 years ago Closed 21 years ago

SSL Client Auth Fails

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: coderobo, Assigned: wtc)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021212
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021212

Using a cert generated via openssl and after importing the pkcs12 file into
Mozilla, trie dto do client-auth with an Apache server. Failed with browser
reporting error -12195 (error establishing encrypted session..."

Same certs worked fine in Netscape 4.7.4 and IE 6.X

Reproducible: Always

Steps to Reproduce:
1. Generate an openssl client cert as follows -

openssl genrsa -out ya.key 1024
openssl req -new -config ./user.conf -key ya.key -out ya.csr
openssl ca -config ca.conf -out rb.crt -infiles rb.csr # CA sign it
openssl verify -verbose -CAfile ../CA/ca.crt -purpose sslclient rb.crt
openssl pkcs12 -export -in rb.crt -out rb.p12 -inkey rb.key -name "Rose O Donnel
" -password pass:hello -certfile ../CA/ca.crt

2. Import it in Mozilla

3. Try accessing the site

Actual Results:  
Error code -12195 

Expected Results:  
Connected to the site.
According to
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html#1042994
error -12195 means 
"Peer does not recognize and trust the CA that issued your certificate."

In this case, the peer is the SSL server.  It has received your cert and didn't
like it.  It sent back an alert message to the browser saying so.  Maybe you 
forgot to install some intermediate CA certs, or root CA certs in the browser?

In any case, no erroneous behavior of mozilla is demonstrated here.
Severity: blocker → normal
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.