SSL certificates and X509

Maarten Mostert-2
Hi,

So I bought this domain SSL certificate with Comodo

When trying to load it with the wizard I keep on hitting the UHE

'Tag 13 does not match type EncryptedPrivateKeyInfo!'

So I tried a more manual way following the documentation.

When reading the certificate with:

    Security.X509.CertificateFileReader
        readCertificatesFrom: aCertFIleName.

The inspector shows me:

X509v3: stakepoint.com <COMODO RSA Domain Validation Secure Server CA>

When doing the following 

certificates first subject printOpenSSLString, it states: 'OU=Domain Control Validated, OU=PositiveSSL, CN=stakepoint.com'

So far so good, right?

Now when I want to do:

certificates do: [ :certificate | Security.X509.X509Registry default addTrusted: certificate ].

It will agree with the bundle certificates of Comodo, but on my domain certificate I get a UHE which tells me:

  Basic Constraints are invalid for a CA certificate !    ?????


Comodo's private key is given in a txt file as a plain String (not in a PEM format).
As far as I understand the API, I can make a valid key from the text with something like:

    myPrivateKey := Security.X509.X509PrivateKey fromString: (self privateKeyString).

This gives me nil ???  but Why ????

The next step then fails 

    certificateStore := Xtreams.TLSCertificateStore newWithDefaults
        certificate: certificates first
        key: myPrivateKey; yourself.

With the UHE:  A private key is missing for this certificate.


Regards,

@+Maarten,

 











_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc
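
The message above describes a private key delivered as a plain string that is not PEM, and an error naming EncryptedPrivateKeyInfo. The following is an added example, not part of the original post and not VisualWorks code: a Python diagnostic that reports which container and ASN.1 structure a key blob actually uses. The names `classify_key`, `child_tags`, `read_tlv` and `SAMPLE` are hypothetical, the sample is a constructed tag skeleton rather than a real key, and the script says nothing about which encodings the VisualWorks classes accept.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
B64_RE = re.compile(rb"[A-Za-z0-9+/=\s]+")
# First two tags inside the outer SEQUENCE identify the ASN.1 structure.
SHAPES = {
    (0x02, 0x02): "PKCS#1 RSAPrivateKey",
    (0x02, 0x30): "PKCS#8 PrivateKeyInfo",
    (0x30, 0x04): "PKCS#8 EncryptedPrivateKeyInfo",
    (0x02, 0x04): "SEC1 ECPrivateKey",
}
# Constructed sample: tag skeleton of a PrivateKeyInfo, not a real key.
SAMPLE = "-----BEGIN PRIVATE KEY-----\nMAcCAQAwAAQA\n-----END PRIVATE KEY-----\n"

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, pos, pos + length

def child_tags(der, limit=2):
    """Tags of the first `limit` elements inside the outer SEQUENCE."""
    tag, pos, end = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("first byte 0x%02x is not a SEQUENCE" % tag)
    tags = []
    while pos < end and len(tags) < limit:
        t, _, pos = read_tlv(der, pos)
        tags.append(t)
    return tuple(tags)

def classify_key(data):
    """Return (container, structure) for key material given as str or bytes."""
    raw = data.encode() if isinstance(data, str) else bytes(data)
    m = PEM_RE.search(raw.decode("latin-1"))
    container = "PEM " + m.group(1) if m else (
        "bare base64" if B64_RE.fullmatch(raw) else "raw bytes")
    try:
        der = raw if container == "raw bytes" else base64.b64decode(
            m.group(2) if m else raw)
        return container, SHAPES.get(child_tags(der), "unknown")
    except (ValueError, IndexError) as exc:
        return container, "not DER: %s" % exc
```

Calling `classify_key` on the contents of the key file returns a pair such as `("bare base64", "PKCS#1 RSAPrivateKey")`, which shows whether the BEGIN/END lines are missing and whether the key is encrypted.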
Re: SSL certificates and X509

Maarten Mostert-2
Knock knock, it's me again.


So I rebuilt exactly what is written on page 26 of the Webserver Guide in VW8.01.

Some things have changed as the doc is slightly outdated, nevertheless.


    (SiouX.Server id: 'Experiments') release.
    chain := Array with: Security.X509.Certificate sampleRSA2048.
    key := Xtreams.PrivateKey sampleRSA2048.
    certificates := (Xtreams.TLSCertificateStore newWithDefaults)
        certificate: chain key: key;
        yourself.
    certificates known: chain first.
    serverContext := (Xtreams.TLSContext newServerWithDefaults)
        certificates: certificates;
        yourself.
    server := SiouX.Server id: 'Experiments'.
    server addResponder: SiouX.Hello new.
    listener := server listenOn: 8000 for: SiouX.HttpsConnection.
    listener tlsContext: serverContext.
    server start.
    clientContext := (Xtreams.TLSContext newClientWithDefaults)
        certificates: certificates;
        yourself.
    client := Smalltalk.SiouX.HttpsListener new.
    client tlsContext: clientContext.
    "This verifier block answers true for every certificate, so nothing is verified."
    client tlsVerifier: [:cert | true].


Actually, I now get the same error as for my own listeners, that is, a web site inaccessible (time out error).


Regards,

@+Maarten


On 24 May 2015 at 22:44, Maarten Mostert <[hidden email]> wrote:
