Hi,

See below for a complete print of your certificate chain.  As you can
see, your CA certificate has the CA flag set to FALSE.  This is why the
chain is rejected.  Further, the basic constraints extension is not marked
as critical.  See RFC 5280:

   The cA boolean indicates whether the certified public key may be used
   to verify certificate signatures.
...
   If the basic constraints extension is not present in a
   version 3 certificate, or the extension is present but the cA boolean
   is not asserted, then the certified public key MUST NOT be used to
   verify certificate signatures.
...
   Conforming CAs MUST include this extension in all CA certificates
   that contain public keys used to validate digital signatures on
   certificates and MUST mark the extension as critical in such
   certificates.

/Simon

X.509 Certificate Information:
        Version: 3
        Serial Number (hex): 01
        Issuer: C=SE,ST=Westrogothia,O=Stiftelsen Chalmers Studenthem,OU=Network Group,CN=csbnet.se,email=st...@csbnet.se
        Validity:
                Not Before: Wed May 14 09:40:31 UTC 2008
                Not After: Sun Apr 28 09:40:31 UTC 2013
        Subject: C=SE,ST=Westrogothia,L=Gothoburgum,O=Stiftelsen Chalmers Studenthem,OU=Network group,CN=ldap.mgn,email=st...@csbnet.se
        Subject Public Key Algorithm: RSA
                Modulus (bits 1024):
                        ba:f6:5d:bb:29:68:dc:62:f7:98:d8:7e:09:ad:a3:f7
                        46:49:db:9e:be:86:f3:3b:e0:07:ea:68:75:63:7b:97
                        c4:17:cf:8c:24:c5:88:b8:e8:d3:c3:72:78:48:e5:f1
                        07:49:a4:8f:1c:aa:56:08:88:19:96:75:79:1f:df:db
                        0d:fa:7d:a6:36:cb:e1:f9:a4:37:19:b6:9e:d8:9f:f1
                        fc:95:b3:56:c0:1b:79:f6:c5:2c:81:df:26:ee:b8:91
                        ba:af:46:2e:0d:db:fb:33:13:4f:49:3e:75:fc:15:a7
                        df:70:cf:b5:6f:73:f4:bb:ab:7b:bc:05:02:f1:9f:eb
                Exponent:
                        01:00:01
        Extensions:
                Basic Constraints (not critical):
                        Certificate Authority (CA): FALSE
                Unknown extension 2.16.840.1.113730.1.13 (not critical):
                        ASCII: ..OpenSSL Generated Certificate
                        Hexdump: 161d4f70656e53534c2047656e657261746564204365727469666963617465
                Subject Key Identifier (not critical):
                        37bc93facf06660f26239af31bd53ac802844d66
                Authority Key Identifier (not critical):
                        968fd7dd79f187bd65c7e2f7fa9793652d97f304
        Signature Algorithm: RSA-SHA
        Signature:
                c6:52:83:be:04:32:f4:94:70:ce:f8:12:0e:50:46:24
                1c:89:3c:5c:6a:f6:48:f5:38:01:b2:c6:5c:75:8b:fc
                96:36:74:12:0f:94:36:35:b8:71:a6:1c:06:d1:b6:6b
                b2:a2:23:9e:3a:60:22:cd:e5:67:1d:29:23:18:13:80
                ec:51:83:47:b4:8c:64:5c:28:eb:81:f5:8a:1e:64:ac
                5e:cd:3f:e5:5b:37:21:73:de:57:a6:99:2f:fc:b7:42
                5c:64:db:5f:22:ad:1f:b8:1e:c3:67:cd:26:98:f2:74
                9d:0b:98:88:e4:97:60:ee:07:4c:88:b5:da:8b:9c:29
Other Information:
        MD5 fingerprint:
                8433945de843e3bcab561ae63f2cfebc
        SHA-1 fingerprint:
                796e97a9f64903fb51566580e8559f22a099f3b9
        Public Key Id:
                452be8c84e5bbc9b685544847830c3a166abe8b2


X.509 Certificate Information:
        Version: 3
        Serial Number (hex): 00
        Issuer: C=SE,ST=Westrogothia,O=Stiftelsen Chalmers Studenthem,OU=Network Group,CN=csbnet.se,email=st...@csbnet.se
        Validity:
                Not Before: Wed May 14 09:39:23 UTC 2008
                Not After: Sun Apr 28 09:39:23 UTC 2013
        Subject: C=SE,ST=Westrogothia,O=Stiftelsen Chalmers Studenthem,OU=Network Group,CN=csbnet.se,email=st...@csbnet.se
        Subject Public Key Algorithm: RSA
                Modulus (bits 1024):
                        e8:e7:a1:95:be:41:d3:e4:eb:75:dd:6c:6a:c6:76:42
                        a8:96:f8:01:11:d8:06:29:bc:9f:26:8a:0e:b9:5b:fc
                        9b:f9:4d:93:76:d2:14:a2:8b:1b:90:f3:bd:6f:b9:24
                        c7:09:06:d7:4c:41:60:1d:da:b7:2b:3e:a2:f4:d1:5d
                        23:76:5d:a0:22:5e:dc:91:8a:84:a0:61:ae:8d:58:92
                        ed:93:3e:2f:34:d2:81:97:b4:9c:7f:e5:5b:8b:02:94
                        0e:f6:c9:38:4b:94:53:17:bc:ef:1d:10:59:df:94:45
                        2e:26:2a:7f:64:4f:db:2f:ed:cc:7d:27:8b:cf:86:03
                Exponent:
                        01:00:01
        Extensions:
                Basic Constraints (not critical):
                        Certificate Authority (CA): FALSE
                Unknown extension 2.16.840.1.113730.1.13 (not critical):
                        ASCII: ..OpenSSL Generated Certificate
                        Hexdump: 161d4f70656e53534c2047656e657261746564204365727469666963617465
                Subject Key Identifier (not critical):
                        968fd7dd79f187bd65c7e2f7fa9793652d97f304
                Authority Key Identifier (not critical):
                        968fd7dd79f187bd65c7e2f7fa9793652d97f304
        Signature Algorithm: RSA-SHA
        Signature:
                41:4d:55:1c:5a:9b:5b:6e:49:77:04:db:50:28:70:6f
                9e:24:6a:73:74:30:42:5b:d5:d3:22:cc:cf:9b:92:64
                89:5e:e2:35:25:82:01:8e:5f:22:5a:a8:b8:60:33:f0
                38:04:9b:6a:75:9b:36:c4:ca:4c:2f:fd:37:20:d2:18
                70:6b:2a:06:28:bd:79:37:2b:87:57:a0:26:20:33:79
                1f:f6:de:01:78:66:cb:fa:53:87:0a:e0:01:31:ba:32
                98:89:bc:41:82:a6:12:0f:1d:f8:27:a3:5a:16:5c:b5
                7c:de:9d:10:69:14:71:18:b8:57:51:9b:45:0a:88:d2
Other Information:
        MD5 fingerprint:
                7d79a4bc0c46098d580aa5708124a8e3
        SHA-1 fingerprint:
                58207c1117be45c10a1515d7f1a032e388e33df9
        Public Key Id:
                a5d0bc1d50575fb64459210266190134c426a112

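
An added example (not part of the original message, and not GnuTLS code): a standard-library Python check that applies the RFC 5280 rules quoted above to the DER encoding of a basicConstraints extension. The three byte strings are constructed samples and the function names are illustrative; note that both cA and critical are DEFAULT FALSE, so an empty BasicConstraints SEQUENCE prints as "CA: FALSE, not critical".

```python
BASIC_CONSTRAINTS_OID = bytes.fromhex("551d13")  # OID 2.5.29.19

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_basic_constraints(ext_der):
    """Parse one DER Extension; return (critical, ca, path_len)."""
    tag, ext, _ = read_tlv(ext_der, 0)
    if tag != 0x30:
        raise ValueError("Extension must be a SEQUENCE")
    tag, oid, pos = read_tlv(ext, 0)
    if tag != 0x06 or oid != BASIC_CONSTRAINTS_OID:
        raise ValueError("not a basicConstraints extension")
    critical = False  # DEFAULT FALSE: omitted from DER unless TRUE
    tag, val, pos = read_tlv(ext, pos)
    if tag == 0x01:  # optional BOOLEAN 'critical'
        critical = val != b"\x00"
        tag, val, pos = read_tlv(ext, pos)
    if tag != 0x04:
        raise ValueError("extnValue must be an OCTET STRING")
    tag, body, _ = read_tlv(val, 0)
    if tag != 0x30:
        raise ValueError("BasicConstraints must be a SEQUENCE")
    ca, path_len, pos = False, None, 0  # cA is DEFAULT FALSE as well
    while pos < len(body):
        tag, v, pos = read_tlv(body, pos)
        if tag == 0x01:
            ca = v != b"\x00"
        elif tag == 0x02:
            path_len = int.from_bytes(v, "big")
    return critical, ca, path_len

def issuer_problems(ext_der):
    """List the RFC 5280 rules a certificate used as an issuer would break."""
    critical, ca, _ = parse_basic_constraints(ext_der)
    problems = []
    if not ca:
        problems.append("cA not asserted: key MUST NOT verify certificate signatures")
    if not critical:
        problems.append("basicConstraints not marked critical")
    return problems

# Constructed samples: empty SEQUENCE; cA=TRUE but not critical; critical + cA=TRUE.
EMPTY_BC = bytes.fromhex("30090603551d1304023000")
CA_NOT_CRITICAL = bytes.fromhex("300c0603551d13040530030101ff")
CONFORMING_CA = bytes.fromhex("300f0603551d130101ff040530030101ff")
```

issuer_problems() reports both problems for EMPTY_BC, only the criticality problem for CA_NOT_CRITICAL, and none for CONFORMING_CA.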


