Closed Bug 991902 Opened 6 years ago Closed 6 years ago
Previously working self signed cert gives SEC
_ERROR _INADEQUATE _KEY _USAGE
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:28.0) Gecko/20100101 Firefox/28.0 (Beta/Release) Build ID: 20140306171728 Steps to reproduce: Loaded up previously working development webpage which is served with https, using a key/cert generated by a self signed CA which is in the trusted CA cert list. Actual results: Get SEC_ERROR_INADEQUATE_KEY_USAGE error. Expected results: No error.
This is the cert for the page itself.
Component: Untriaged → Security: PSM
Product: Firefox → Core
We are now more strict on our validations. Your CA cert has and EKU but is NOT asserting keyCertSign (it is asserting Digital Signature, Non Repudiation, Key Encipherment). Therefore when following http://tools.ietf.org/html/rfc5280#section-126.96.36.199 you will notice that: " If the keyUsage extension is present, then the subject public key MUST NOT be used to verify signatures on certificates or CRLs unless the corresponding keyCertSign or cRLSign bit is set. " dkeeler I think this shuld be closed as invalid.
Just to be clear, I think you typed "EKU" when you meant "KU", but yes, I agree. (Cam - thanks for filing this bug. "INVALID" is a harsh way of saying "not a bug".)
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.