On Wed, Oct 21, 2009, Adam Rosenstein wrote:

> I'm using v1.0.0 Beta 3.
>

Hmm... there seems to be an SKID/AKID issue here:

>
> ROOT (CA0) <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>
>     Version: 3 (0x2)
>     Serial Number: 1 (0x1)
>     Signature Algorithm: sha1WithRSAEncryption
>     Issuer: O=Red Condor, OU=PKI, CN=CA0
>     Validity
>         Not Before: Oct 11 19:36:01 2009 GMT
>         Not After : Oct 21 19:36:01 2010 GMT
>     Subject: O=Red Condor, OU=PKI, CN=CA0
>     X509v3 extensions:
>         X509v3 Basic Constraints: critical
>             CA:TRUE, pathlen:8
>         X509v3 Subject Key Identifier:
>             A0:A0:7A:71:6C:23:26:E4:00:9A:EA:17:B9:B4:A8:7F:1D:0C:65:DE
>         X509v3 Authority Key Identifier:
>             keyid:A0:A0:7A:71:6C:23:26:E4:00:9A:EA:17:B9:B4:A8:7F:1D:0C:65:DE
>         X509v3 Key Usage: critical
>             Certificate Sign, CRL Sign
>
> End Entity (AdamRosenstein) <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>
>     Version: 3 (0x2)
>     Serial Number: 3 (0x3)
>     Signature Algorithm: sha1WithRSAEncryption
>     Issuer: O=Red Condor, OU=PKI, CN=CA0
>     Validity
>         Not Before: Oct 11 19:37:10 2009 GMT
>         Not After : Oct 21 19:37:10 2010 GMT
>     Subject: O=Red Condor, OU=PKI, CN=AdamRosenstein
>     X509v3 extensions:
>         X509v3 Basic Constraints: critical
>             CA:FALSE
>         X509v3 Subject Key Identifier:
>             BE:21:0B:DF:87:07:84:81:FC:82:4A:74:07:C4:23:F4:7F:3A:6E:56
>         X509v3 Authority Key Identifier:
>             keyid:E1:C1:46:BC:E5:6F:03:27:7A:23:C4:0B:A2:BF:F9:0F:03:BC:F8:83
>         X509v3 Key Usage: critical
>             Digital Signature, Key Encipherment
>         X509v3 CRL Distribution Points:
>             Full Name:
>                 URI:http://pki.redcondor.net/CA0-indirect.crl
>             CRL Issuer:
>                 DirName: O = Red Condor, OU = PKI, CN = CA0iCRL
>

Your message doesn't include any CA certificate with an SKID matching the EE
AKID. Is there an extra intermediate CA missing?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
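
The SKID/AKID comparison made in the reply above, as an added example (not part of the original thread and not OpenSSL code): it parses the key identifiers out of `openssl x509 -text` style dumps and reports whether a candidate CA matches by name only or by name and key identifier. The function names are hypothetical; the sample input is the set of fields copied from the two dumps quoted in the message.

```python
import re

# Fields copied from the two certificate dumps quoted in the message above.
ROOT_TEXT = """\
Issuer: O=Red Condor, OU=PKI, CN=CA0
Subject: O=Red Condor, OU=PKI, CN=CA0
X509v3 Subject Key Identifier:
    A0:A0:7A:71:6C:23:26:E4:00:9A:EA:17:B9:B4:A8:7F:1D:0C:65:DE
X509v3 Authority Key Identifier:
    keyid:A0:A0:7A:71:6C:23:26:E4:00:9A:EA:17:B9:B4:A8:7F:1D:0C:65:DE
"""
EE_TEXT = """\
Issuer: O=Red Condor, OU=PKI, CN=CA0
Subject: O=Red Condor, OU=PKI, CN=AdamRosenstein
X509v3 Subject Key Identifier:
    BE:21:0B:DF:87:07:84:81:FC:82:4A:74:07:C4:23:F4:7F:3A:6E:56
X509v3 Authority Key Identifier:
    keyid:E1:C1:46:BC:E5:6F:03:27:7A:23:C4:0B:A2:BF:F9:0F:03:BC:F8:83
"""
KEYID = r"((?:[0-9A-F]{2}:)+[0-9A-F]{2})"

def parse_cert_text(text):
    """Extract issuer, subject, SKID and AKID keyid from an x509 text dump."""
    def grab(pattern):
        m = re.search(pattern, text, re.M)
        return m.group(1).strip() if m else None
    return {
        "issuer": grab(r"^\s*Issuer:[ \t]*(.+)$"),
        "subject": grab(r"^\s*Subject:[ \t]*(.+)$"),
        "skid": grab(r"Subject Key Identifier:\s*" + KEYID),
        # Accept the value with or without the "keyid:" prefix.
        "akid": grab(r"Authority Key Identifier:\s*(?:keyid:)?" + KEYID),
    }

def classify_issuer(cert, candidates):
    """Return (status, ca): 'match', 'name-only' (DN equal, key id differs) or 'none'."""
    name_only = None
    for ca in candidates:
        if ca["subject"] != cert["issuer"]:
            continue
        # A missing AKID or SKID gives nothing to compare, so the name decides.
        if cert["akid"] is None or ca["skid"] is None or cert["akid"] == ca["skid"]:
            return "match", ca
        name_only = ca
    return ("name-only", name_only) if name_only else ("none", None)

if __name__ == "__main__":
    root, ee = parse_cert_text(ROOT_TEXT), parse_cert_text(EE_TEXT)
    print("root ->", classify_issuer(root, [root])[0])
    print("EE   ->", classify_issuer(ee, [root])[0])
```

A `name-only` result is the situation described in the reply: a CA with the right subject name is present, but its SKID is not the key the end-entity certificate's AKID points at.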