Hi Stefan,
The value of the Basic Constraints extension of this website's self-signed
certificate is "End Entity" and, more importantly, it is set to
Critical. So, technically speaking, this certificate cannot be a CA and
it can't certify itself.
The Nokia implementation seems to be strict compared with others but it
can't be blamed for checking the correctness of a certificate.
The administrators of this website can solve this issue by creating a
new certificate without the Basic Constraints extension. A cleaner
solution would be to have the server's certificate issued by a root CA
of their own, like in any normal PKI architecture.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 10/13/2010 7:11 PM, Stefan Bauer wrote:
Dear Openssl-Users,
I recently came across a problem with the offered ssl-cert on
www.mastersnet.de.
It's a self-signed cert and all of the Nokia cell phones I get my
hands on refuse to accept this cert when trying to import it
manually in the cert store. It is working without problems, for
example, with a signed cert from CAcert (where the root-CA-cert is
also not in the default cert store). I'm asking for your help hereby,
if some of you could please have a look at this cert and tell me if
there is something suspicious leading to the reported problem.
It might be a bug in the Nokia cell phones. It's working with iPhone
or Windows Mobile devices.
Thanks in advance
Stefan
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
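
Added example, not part of either message and not the site's actual configuration: the certificate shape described in the reply (self-signed, Basic Constraints critical with CA:FALSE) and the two fixes it suggests, reproduced with the openssl command line. The subjects, file names and config section names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; subjects, file names and section names are constructed.
set -e

write_cfg() {  # write_cfg <file>: minimal req config plus extension sections
cat > "$1" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ee_critical]
basicConstraints = critical,CA:FALSE
[root_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
basicConstraints = CA:FALSE
EOF
}

# selfsigned <cfg> <prefix> [section]: self-signed cert, extensions only if a section is given
selfsigned() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1" \
    -subj "/CN=$2.example.test" -keyout "$2.key" -out "$2.crt" \
    ${3:+-extensions "$3"} 2>/dev/null
}

# issue_server <cfg> <ca-prefix> <prefix>: CSR signed by the private root
issue_server() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1" \
    -subj "/CN=$3.example.test" -keyout "$3.key" -out "$3.csr" 2>/dev/null
  openssl x509 -req -in "$3.csr" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
    -days 30 -extfile "$1" -extensions server -out "$3.crt" 2>/dev/null
}

# bc_of <cert>: Basic Constraints on one line, empty output if the extension is absent
bc_of() {
  openssl x509 -in "$1" -noout -text | grep -A1 'X509v3 Basic Constraints' | tr -s ' \n' ' '
}

cd "$(mktemp -d)"
write_cfg demo.cnf
selfsigned demo.cnf strict ee_critical  # shape described in the reply
selfsigned demo.cnf plain               # fix 1: no Basic Constraints configured
selfsigned demo.cnf root root_ca        # fix 2: private root CA ...
issue_server demo.cnf root www          # ... issuing the server certificate
for c in strict plain root www; do echo "$c:$(bc_of "$c.crt")"; done
openssl verify -CAfile root.crt www.crt
```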