On 19 Feb, 11:58, Nelson Bolyard <[EMAIL PROTECTED]> wrote:
> Sidjy wrote, On 2008-02-19 01:23:
>
> > it seems that importing PKCS12 certificates with a friendlyname
> > containing ":" characters has a strange behaviour: certificate is
> > successfully imported, and is visible in the certificate repository
> > (with its friendly name) BUT it is not usable for SSL authentication
> > (not listed in the certificate authentication dialog box).
>
> It's conceivable to me that the problem has something to do with the use
> of the colon (":") character, but I think a more likely explanation is
> that the certificate you imported is not issued by any of the CAs named
> by the server when it requests client authentication.
>
> When a server requests client authentication, it sends to the client a
> list of issuer names. It says, in effect "if you have a certificate
> issued by any of these issuers, send that certificate to me". It is a
> protocol violation for the client to send a certificate that is not
> issued by any of the issuers named by the server. Mozilla follows
> that rule rigorously, and will only let you choose from among certificates
> that are issued by one of the issuers named by the server. This is very
> different from IE, which will show you all your personal certificates,
> without regard to whether they are issued by one of the issuers named by the
> server.
>
> So, my first suspicion is that the list of issuer names that your
> server is sending to the client does not include the name of the issuer
> of the cert you're trying to use.
>
> You can read more about this on the
> page: http://wiki.mozilla.org/PSM:CertPrompt

Thanks for your answer: I forgot to mention it, but actually the
certificate IS issued by a CA named by the server.
I also tested client authentication on
https://www.apache-ssl.org/cgi/cert-export (which accepts any CA):
same behaviour.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
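
The issuer-name rule described in the quoted reply, as an added example that is not part of the original thread and is not Mozilla's code: it models which client certificates may be offered for a given list of issuer names sent by the server, walking up the chain so that a named root also matches certificates issued by its subordinate CAs. The `Cert` class, the function names and every DN are constructed for illustration; DN comparison is simplified to normalized strings, and an empty issuer list is assumed to mean "any issuer" (the TLS 1.2 wording).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    nickname: str  # PKCS#12 friendlyName
    subject: str
    issuer: str

def dn_key(dn):
    # Simplified comparison on comma-separated strings; real clients compare
    # the DER-encoded Name, and this split ignores escaped commas.
    return tuple(p.strip().lower() for p in dn.split(","))

def chain_issuer_names(cert, ca_by_subject):
    """Yield issuer names from the leaf upward until a self-signed or unknown CA."""
    seen = set()
    while cert is not None:
        issuer = dn_key(cert.issuer)
        if issuer in seen:  # guard against loops in a bad store
            return
        seen.add(issuer)
        yield issuer
        if dn_key(cert.subject) == issuer:  # self-signed root reached
            return
        cert = ca_by_subject.get(issuer)

def offerable(client_certs, ca_certs, server_ca_names):
    """Client certs the issuer-name rule allows in the selection dialog."""
    if not server_ca_names:  # assumption: empty list means any issuer
        return list(client_certs)
    wanted = {dn_key(n) for n in server_ca_names}
    store = {dn_key(c.subject): c for c in ca_certs}
    return [c for c in client_certs
            if any(i in wanted for i in chain_issuer_names(c, store))]

# Constructed sample data (not from the thread).
ROOT = Cert("root", "CN=Example Root,O=Example", "CN=Example Root,O=Example")
SUB = Cert("sub", "CN=Example Issuing CA,O=Example", "CN=Example Root,O=Example")
USER_COLON = Cert("user:one", "CN=User One,O=Example", "CN=Example Issuing CA,O=Example")
USER_OTHER = Cert("user two", "CN=User Two,O=Other", "CN=Other CA,O=Other")
CLIENT_CERTS = [USER_COLON, USER_OTHER]
CA_CERTS = [ROOT, SUB]

if __name__ == "__main__":
    for names in (["cn=example root, o=Example"], ["CN=Other CA,O=Other"], []):
        print(names, [c.nickname for c in offerable(CLIENT_CERTS, CA_CERTS, names)])
```

The nickname never enters the decision, so a certificate that passes this check yet is missing from the dialog points away from the issuer list as the cause.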