help-gnutls
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnutls] Re: Key usage violation in certificate

From: Roland Winkler
Subject: Re: [Help-gnutls] Re: Key usage violation in certificate
Date: Sun, 31 May 2009 01:05:33 +0200 
On Sat May 30 2009 Daniel Kahn Gillmor wrote:
> You can try this:
> 
> echo QUIT | gnutls-cli --print-cert --starttls --port 25 foo.bar.com
> 
> If that doesn't work (i'm having difficulty getting it to behave as i
> would expect right now), 

Thank you. The above doesn't work for me either:

Resolving 'foo.bar.com'...
Connecting to '64.34.161.100:25'...

- Simple Client Mode:

*** Starting TLS handshake
*** Non fatal error: Function was interrupted.
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed

> and you have access to openssl, you could do:
> 
> echo QUIT | openssl s_client -starttls smtp -connect foo.bar.com:25

Yes, that worked for me, too. So when I run the certificate through
certtool, everything looks fine to me (no complaints from certtool).
The output of certtool is below. So what's wrong here?

Thanks a lot for your help,

Roland



X.509 Certificate Information:
        Version: 3
        Serial Number (hex): 05
        Issuer: C=DE,ST=Bavaria,L=Erlangen,O=Universitaet 
Erlangen,OU=Physik,CN=Physik CA,address@hidden
        Validity:
                Not Before: Wed May 21 13:22:56 UTC 2008
                Not After: Fri Apr 29 13:22:56 UTC 2016
        Subject: C=DE,ST=Bavaria,L=Erlangen,O=Universitaet 
Erlangen,OU=Physik,CN=server.foo.bar.com,address@hidden
        Subject Public Key Algorithm: RSA
                Modulus (bits 2048):
                        a7:ff:4b:d9:75:4c:82:96:5a:16:df:88:e9:b9:23:bd
                        ed:c2:b6:4b:c0:3a:d0:94:ed:77:70:2a:17:c6:65:5c
                        01:c9:0b:6e:eb:7d:c2:c5:e2:e3:4d:e6:f9:fd:c4:86
                        7f:13:9f:e1:fa:9f:7d:a9:12:52:14:e7:59:64:43:10
                        d3:9c:d2:7a:61:15:e0:2d:2e:63:ff:7a:74:c1:e6:d8
                        36:b4:bb:6e:18:78:2d:ec:ad:c5:61:56:8b:34:5d:a0
                        6b:c6:ed:83:d2:8b:70:85:bf:59:5d:2c:69:59:a6:09
                        fc:c4:9b:1e:7e:fa:bb:d5:cd:f1:3b:e5:ec:e9:6a:f3
                        a7:6e:7d:8c:ce:55:98:b3:c3:a2:bd:b0:83:32:20:a1
                        9e:2f:67:ce:bc:86:8e:8f:93:3b:b4:71:23:d5:77:ab
                        d9:8f:75:c5:d7:aa:33:73:73:fe:b8:60:16:e0:56:67
                        30:a7:39:8a:36:96:d3:a2:a3:b6:c8:6a:e2:2f:5c:27
                        a6:4f:e1:35:5d:72:9d:8d:0d:33:8f:fd:e5:f9:cd:13
                        cc:56:38:e9:ae:9b:f7:02:ce:f1:77:16:e0:ba:a0:e9
                        60:95:79:b3:cd:cb:f0:46:4a:72:07:81:0f:ab:e4:66
                        4f:1a:90:a8:99:e3:07:2c:c5:0b:cf:de:7a:63:70:47
                Exponent:
                        01:00:01
        Extensions:
                Basic Constraints (not critical):
                        Certificate Authority (CA): FALSE
                Unknown extension 2.16.840.1.113730.1.13 (not critical):
                        ASCII: .!YaST Generated Server Certificate
                        Hexdump: 
1621596153542047656e65726174656420536572766572204365727469666963617465
                Unknown extension 2.16.840.1.113730.1.1 (not critical):
                        ASCII: ...@
                        Hexdump: 03020640
                Key Usage (not critical):
                        Key encipherment.
                Subject Key Identifier (not critical):
                        ebd32842114e32fb4a59e96e7f368844c82a0fdc
                Authority Key Identifier (not critical):
                        26a9c14bf99be19e4e3a1598b18e8a28e20246af
                Subject Alternative Name (not critical):
                        RFC822name: address@hidden
                Unknown extension 2.5.29.18 (not critical):
                        ASCII: address@hidden
                        Hexdump: 
30238121706f73746d61737465724070687973696b2e756e692d65726c616e67656e2e6465
        Signature Algorithm: RSA-SHA
        Signature:
                73:dd:04:eb:07:67:aa:ef:37:fe:8a:25:66:d4:26:67
                92:06:cb:81:61:c4:9d:e7:b1:76:fa:2d:12:3a:ce:79
                2c:52:cb:aa:53:58:84:35:e9:55:27:df:fb:9f:96:07
                b0:b0:cb:2a:88:c9:f0:73:6a:33:6e:c2:65:7c:71:51
                b5:f8:b5:29:41:ba:64:70:4c:95:20:33:84:f9:dc:a5
                b0:9e:d1:1e:3f:cc:7d:40:af:81:9c:93:d7:ed:8d:0f
                b4:45:5f:50:0d:c9:8e:0e:d0:d0:6c:36:af:4a:c3:f2
                b1:14:da:e3:ec:c6:13:7a:ba:92:61:23:bc:03:77:c1
                96:39:6d:24:81:8d:74:39:72:55:af:6c:19:c1:5f:00
                81:2f:54:ad:3c:6e:ca:a0:fb:7d:c6:e0:80:02:3b:38
                15:b3:55:2c:06:b4:3b:7f:7a:07:da:8f:ac:a2:44:4b
                f8:90:40:16:4f:b4:1c:fc:dc:3d:aa:41:fa:5d:47:59
                b8:df:9e:25:c0:83:b6:bf:ed:5d:2a:21:d0:7b:a6:64
                00:c3:31:a0:31:c9:d8:93:ca:9b:87:ce:8d:3b:d9:08
                05:a2:7f:9d:4a:79:7f:75:66:2a:97:33:6b:11:3a:2c
                48:7b:44:8e:61:b4:0c:29:8f:44:5b:55:4e:94:bc:38
Other Information:
        MD5 fingerprint:
                3d1adc22cc153763e422e38fb3a0f8a4
        SHA-1 fingerprint:
                a71ffdcd5b09e4901cff2160a8e8f97137cdc2fb
        Public Key Id:
                e0ac4c05064b23d6ab821b860c5c69eb6d5e5d39
reply via email to
[Prev in Thread] Current Thread [Next in Thread]