[Help-gnutls] Key usage violation in certificate
Kevin P. Fleming
kpfleming at digium.com
Tue Nov 4 01:58:45 CET 2008
Nikos Mavrogiannopoulos wrote:
> It seems gnutls fails because the (client) certificate it uses for
> authentication doesn't support signing (and TLS client certificates
> must support it).
>
> Check (with certtool -i) if the client certificate contains the
> following lines:
>
> Key Usage (critical):
> Digital signature.
Yes, I used openssl's pkcs12 command to extract the cert from the .p12
file that it lives in, then used 'certtool -i --infile cert.pem', and
this is the output:
X.509 Certificate Information:
    Version: 3
    Serial Number (hex): 00c9
    Issuer: C=US,ST=Alabama,L=Huntsville,O=Digium\, Inc.,OU=Asterisk Development Team,CN=Digium SVN CA,EMAIL=asteriskteam at digium.com
    Validity:
        Not Before: Sun May 18 06:10:53 UTC 2008
        Not After: Tue Mar 08 06:10:53 UTC 2011
    Subject: C=US,ST=Alabama,L=Huntsville,O=Digium,OU=Asterisk Development Team,CN=Kevin P. Fleming,EMAIL=kpfleming
    Subject Public Key Algorithm: RSA
        Modulus (bits 4096):
        Exponent:
            01:00:01
    Extensions:
        Basic Constraints (not critical):
            Certificate Authority (CA): FALSE
        Unknown extension 2.16.840.1.113730.1.1 (not critical):
            ASCII: ....
            Hexdump: 030204b0
        Unknown extension 2.16.840.1.113730.1.13 (not critical):
            ASCII: ..TinyCA Generated Certificate
            Hexdump: 161c54696e7943412047656e657261746564204365727469666963617465
        Subject Key Identifier (not critical):
            e43fc9b24e312ac01a20ea00c25c67b52931ebbf
        Authority Key Identifier (not critical):
            50d3eefd0895062616490490bf3502113092bd27
        Unknown extension 2.5.29.18 (not critical):
            ASCII: 0...asteriskteam at digium.com
            Hexdump: 30198117617374657269736b7465616d4064696769756d2e636f6d
        Subject Alternative Name (not critical):
            RFC822name: kpfleming
        Key Usage (critical):
            Digital signature.
            Key encipherment.
    Signature Algorithm: RSA-SHA
    Signature:
Other Information:
    MD5 fingerprint:
        1c848e7867c95a05ba91488c60c5be80
    SHA-1 fingerprint:
        8d4c78bab2b4b982676d2c8ecfd62740a2ac8a9f
    Public Key Id:
        03f0a358652c75d0a87207a7a3ef362f81bcd04c
--
Kevin P. Fleming
Director of Software Technologies
Digium, Inc. - "The Genuine Asterisk Experience" (TM)
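
Added example (not part of the original message or of GnuTLS): the key usage check discussed above, plus a decoder for the raw "Hexdump" certtool prints for extension 2.16.840.1.113730.1.1 (the Netscape certificate type, a DER BIT STRING). The function names are hypothetical, and the key usage bytes 030205a0 are constructed from the two flags certtool lists, since the page does not show the raw value.

```python
# Bit names in DER order: bit 0 is the most significant bit of the first byte.
NETSCAPE_CERT_TYPE = ["SSL client", "SSL server", "S/MIME", "Object signing",
                      "Reserved", "SSL CA", "S/MIME CA", "Object signing CA"]
KEY_USAGE = ["digitalSignature", "nonRepudiation", "keyEncipherment",
             "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
             "encipherOnly", "decipherOnly"]  # RFC 5280, section 4.2.1.3


def decode_bit_string(hexdump, names):
    """Return the names of the bits set in a DER-encoded named BIT STRING."""
    der = bytes.fromhex(hexdump)
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("unsupported or inconsistent length")
    unused, payload = der[2], der[3:]
    if unused > 7 or (unused and not payload):
        raise ValueError("bad unused-bits count")
    flags = []
    for i in range(len(payload) * 8 - unused):
        if payload[i // 8] & (0x80 >> (i % 8)):
            if i >= len(names):
                raise ValueError("bit %d has no assigned name" % i)
            flags.append(names[i])
    return flags


def allows_tls_client_auth(key_usage_flags):
    """A TLS client proves possession of its key by signing handshake data,
    so a key usage extension, when present, must include digitalSignature."""
    return "digitalSignature" in key_usage_flags


if __name__ == "__main__":
    # Value copied from the certtool output in the message above.
    print(decode_bit_string("030204b0", NETSCAPE_CERT_TYPE))
    # Constructed: digitalSignature + keyEncipherment (0xa0, 5 unused bits).
    usage = decode_bit_string("030205a0", KEY_USAGE)
    print(usage, allows_tls_client_auth(usage))
    # Constructed: keyEncipherment only, the case the quoted reply suspects.
    usage = decode_bit_string("03020520", KEY_USAGE)
    print(usage, allows_tls_client_auth(usage))
```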