[Muscle] Loading an OpenCA (0.9.3-rc1)-generated cert on MuscleCard CFlex e-gate, and Firefox (2.0.0.4) does not show as owner's certificate

Martin Buechler martin.buechler at vrweb.de
Tue Nov 20 07:58:19 PST 2007


Hi at muscle,

I'm trying to set up a test card for developing a client SSL 
authentication app. But this time the above-mentioned combination does 
not work. FF is stupidly(?) refusing to display and use the token's cert 
as an owner cert, and thus not offering it for S/MIME signing or SSL 
client-cert authentication. OpenCA's signing CA cert has been imported 
onto the software token of FF and trusted for all available choices. 
After all, the cert on the card is shown as other people's cert.
Did MUSCLE's PKCS11 and NSS token manager stop working together?
Has somebody seen this behaviour before, or can even tell what's wrong here?

Thank you in advance

Martin

 > openssl x509 -in C0.der -inform DER -text -noout

Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 7 (0x7)
         Signature Algorithm: sha1WithRSAEncryption
         Issuer: C=DE, O=xxx, OU=EP, CN=Martin Buechler/emailAddress=xxx at xxx.de
         Validity
             Not Before: Nov 20 12:19:51 2007 GMT
             Not After : Nov 19 12:19:51 2008 GMT
         Subject: C=DE, O=xxx, OU=Employees, CN=Martin Buechler/serialNumber=7
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
             RSA Public Key: (1024 bit)
                 Modulus (1024 bit):
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints:
                 CA:FALSE
             X509v3 Certificate Policies:
                 Policy: 1.2.3.3.4
                 Policy: 1.2.3.3.5
                 Policy: 1.2.3.3.6
                 Policy: 1.2.3.3.7
                   CPS: http://some.url.org/cps

             Netscape Cert Type:
                 SSL Client, S/MIME
             X509v3 Key Usage:
                 Digital Signature, Non Repudiation, Key Encipherment
             X509v3 Extended Key Usage:
                 TLS Web Client Authentication, E-mail Protection, Microsoft Smartcardlogin
             Netscape Comment:
                 User Certificate of xxx
             X509v3 Subject Key Identifier:
                 E8:9D:72:44:82:1E:E7:BD:92:78:C1:7A:AB:F9:FA:4C:C1:B8:9C:10
             X509v3 Authority Key Identifier:
                 keyid:C1:0A:25:6F:C0:FB:46:DA:6B:9B:85:2A:75:B6:AF:75:37:A1:3D:36
                 DirName:/C=DE/O=xxx/OU=EP/CN=Martin Buechler/emailAddress=xx at xxx.de
                 serial:A4:A3:47:0A:CD:9F:28:26

             X509v3 Subject Alternative Name:
                 email:xx at xxx.de
             X509v3 Issuer Alternative Name:
                 email:xx at xxx.de
             Netscape CA Revocation Url:
                 http:///pub/crl/cacrl.crl
             Netscape Revocation Url:
                 http:///pub/crl/cacrl.crl
             X509v3 CRL Distribution Points:
                 URI:http:///pub/crl/cacrl.crl

     Signature Algorithm: sha1WithRSAEncryption



