Closed
Bug 991902
Opened 10 years ago
Closed 10 years ago
Previously working self signed cert gives SEC_ERROR_INADEQUATE_KEY_USAGE
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: mozilla.bugzilla, Unassigned)
References
()
Details
Attachments
(2 files)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:28.0) Gecko/20100101 Firefox/28.0 (Beta/Release) Build ID: 20140306171728 Steps to reproduce: Loaded up previously working development webpage which is served with https, using a key/cert generated by a self signed CA which is in the trusted CA cert list. Actual results: Get SEC_ERROR_INADEQUATE_KEY_USAGE error. Expected results: No error.
Updated•10 years ago
|
Comment 2•10 years ago
|
||
We are now more strict on our validations. Your CA cert has and EKU but is NOT asserting keyCertSign (it is asserting Digital Signature, Non Repudiation, Key Encipherment). Therefore when following http://tools.ietf.org/html/rfc5280#section-4.2.1.3 you will notice that: " If the keyUsage extension is present, then the subject public key MUST NOT be used to verify signatures on certificates or CRLs unless the corresponding keyCertSign or cRLSign bit is set. " dkeeler I think this shuld be closed as invalid.
Flags: needinfo?(dkeeler)
Just to be clear, I think you typed "EKU" when you meant "KU", but yes, I agree. (Cam - thanks for filing this bug. "INVALID" is a harsh way of saying "not a bug".)
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Flags: needinfo?(dkeeler)
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•