Hi, For information, like suggested Douglas E., i tried to sign the certificate with different methods but without success, i tried the methods with CAserial and -set_serial : openssl x509 -days 100 -CAserial ca.srl -CA ca.crt -CAkey ca.pem -in client.req -req -out client.crt or openssl x509 -req -in client.req -days 100 -CA ca.crt -CAkey ca.pem -set_serial 01 > client.crt
and most of the time the "OID" disappeared but a new bug appeared :in the value of the "(O)" attribute, and sometimes in the "(OU)", one character of the value is replaced by "\00". I've noticed too that when i load the last Muscle cardlet of the SVN, Firefox doesn't even recognize the certificate, and if i go in Firefox->Advanced->Encryption, the cert of my smartcard is not in the the part "your certificates" but in the part "people" and there is again a string "\00" added in the value of the "(CN)" attribute this time. Whereas if i use an old Muscle cardlet from here : http://www.opensc-project.org/opensc/wiki/Cyberflex , even if it is buggy Firefox recognize the cert. but in all configurations if i convert the cert in format PKCS12 it works ! so if i want to use opensc with firefox , i'll have to do it without cyberflex and without Muscle i think. When i'll have time , i'll ever look for debug this... thanks Gilles Le 22 octobre 2009 22:18, gilles Bernabé <gilles.bern...@gmail.com> a écrit : > ok, here it is PEM encoding > > Le 22 octobre 2009 22:06, Douglas E. Engert <deeng...@anl.gov> a écrit : > > >> gilles Bernabé wrote: >> >>> Hi, >>> >>> @ Douglas E.: >>> Sorry for my late answer, i was busy with other projects for my school, >>> but when i ask the card to show me the certificate that's inside, the >>> result of the command : >>> pkcs15-tool -r <id> >>> give me the same certificate that i had loaded, so the "OID" just apears >>> in firefox. >>> >>> >> >> As I said in the first response: >> >> Can you send the certificate?(PEM encodeing would be best.) >> >> >> >>> I've compiled the last Muscle cardlet from here:[1] with Ant, i got a >>> CardeEdgeCflex.ijc (and other .cap and .exp) >>> i've loaded the .ijc in the 32k card. >>> I've installed too the Opensc version 0.11.9 and the Openct version >>> 0.6.17, >>> but the result is the same, i've got again an "OID 2.5.4.0" when i want >>> to be authenticated, and the server doesn't recognize my certificate... >>> and when i go in firefox->options->....->your certificates, for the part >>> Organisation(O) of the Muscle certificate it is written "not par of the >>> certificate" instead of the value of my attribute "O". >>> >>> Pherhaps i'll try to understand better this story of OID, >>> does someone have ever been able to use the Muscle applet with a >>> smartcard and success a SSL authentication ? i mean like this one: [2] (at >>> the end of the page: Appache FireFox). >>> I know this method works with cards like Aladdin "out of the box" without >>> Muscle, but what interests me is to use the Muscle Applet( to customize it >>> later) and use it at the same time with PKCS15 or PKCS11. >>> >>> thanks, >>> >>> kind regards, >>> Gilles >>> >>> [1]: http://lists.drizzle.com/pipermail/muscle/2009-May/007644.html >>> [2]: >>> http://www.unixgarden.com/index.php/securite/smartcards-applications >>> >>> 2009/10/5 Douglas E. Engert <deeng...@anl.gov <mailto:deeng...@anl.gov>> >>> >>> >>> >>> >>> Peter Stuge wrote: >>> > gilles Bernabé wrote: >>> >> when i load it on the card, in the fieds of the certificate : >>> E:..., >>> >> CN:.., ....., i've got "OID.2.5.4.0" on the card and just "O" (for >>> >> organisation) when i load it in the webbrowser in format pkcs12, >>> > >>> > So is this a bug in something ASN.1 in OpenSC, or in the applet? >>> > >>> >>> Sounds like a malformed or unusual certificate. >>> >>> OID 2.5.4.0 is for objectClass which is not normally use in a DN. >>> >>> So different applications might print different strings(or the OID >>> number) >>> for this OID. (O= for objectClass could be used, but is misleading >>> as O= is usuall used for Organization.) >>> >>> See: http://www.alvestrand.no/objectid/2.5.4.0.html >>> >>> Can you send the certificate?(PEM encodeing would be best.) >>> >>> > >>> > //Peter >>> > _______________________________________________ >>> > opensc-devel mailing list >>> > opensc-devel@lists.opensc-project.org >>> <mailto:opensc-devel@lists.opensc-project.org> >>> >>> > http://www.opensc-project.org/mailman/listinfo/opensc-devel >>> >>> -- >>> >>> Douglas E. Engert <deeng...@anl.gov <mailto:deeng...@anl.gov>> >>> >>> Argonne National Laboratory >>> 9700 South Cass Avenue >>> Argonne, Illinois 60439 >>> (630) 252-5444 >>> _______________________________________________ >>> opensc-devel mailing list >>> opensc-devel@lists.opensc-project.org >>> <mailto:opensc-devel@lists.opensc-project.org> >>> >>> http://www.opensc-project.org/mailman/listinfo/opensc-devel >>> >>> >>> >> -- >> >> Douglas E. Engert <deeng...@anl.gov> >> Argonne National Laboratory >> 9700 South Cass Avenue >> Argonne, Illinois 60439 >> (630) 252-5444 >> > >
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
