[Pki-users] Cannot import a certificate

Ricardo Alexander Alexander Perez Ricardez rperez at pgjtabasco.gob.mx
Tue May 6 04:04:03 UTC 2014


Hello, 

I'm trying to import a certificate with Mozilla Firefox. I want to use this certificate to sign documents in PDF and Microsoft Word, but I get the following error:

This certificate can not be verified and will not be imported. Maybe the issuer certificate is unknown or unreliable, perhaps the certificate expired or been revoked, or has not been approved. 

Here are the steps I perform to reproduce the error: 


On the client side: 

1.- Enter the URL "https://pki.mydomain.mx:9444/ca/ee/ca/" in the Mozilla Firefox browser

2.- Select Certificate Profile Name "Manual User Dual-Use Certificate Enrollment" 

3.- Change Key Generation Request from 512 to 2048 RSA (Encryption and Signing) 

4.- Enter the UID and the Common name and click submit 


On the server side: 

5.- Enter the URL "https://pki.pgjtabasco.gob.mx:9445/ca/services" and select Agent services

6.- Find the new certificate request and click it

7.- Review the details of the certificate request 

8.- Choose approve request and click on submit 


Again on the client side:

9.- Check request status 

10.- Choose Issued certificate 

11.- Review Certificate contents 

Certificate: 
Data: 
Version: v3 
Serial Number: 0x15 
Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 
Issuer: CN=Certificate Authority,OU=pki-ca,O=mydomain Domain 
Validity: 
Not Before: lunes 5 de mayo de 2014 22H49' CDT Mexico/General 
Not After: sábado 1 de noviembre de 2014 21H49' CST Mexico/General 
Subject: UID=Alex prueba,CN=Alexander prueba 
Subject Public Key Info: 
Algorithm: RSA - 1.2.840.113549.1.1.1 
Public Key: 
Exponent: 65537 
Public Key Modulus: (2048 bits) : 
Extensions: 
Identifier: Authority Key Identifier - 2.5.29.35 
Critical: no 
Key Identifier: 
DC:B3:54:E7:39:AD:59:DF:3D:F4:DB:C6:6F:9C:86:CE: 
91:83:EB:4A 
Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1 
Critical: no 
Access Description: 
Method #0: ocsp 
Location #0: URIName: http://pki.mydomain.mx:9180/ca/ocsp 
Identifier: Key Usage: - 2.5.29.15 
Critical: yes 
Key Usage: 
Digital Signature 
Non Repudiation 
Key Encipherment 
Identifier: Extended Key Usage: - 2.5.29.37 
Critical: no 
Extended Key Usage: 
1.3.6.1.5.5.7.3.2 
1.3.6.1.5.5.7.3.4 
Signature: 
Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 
Signature: 
FingerPrint 

Installing this certificate in a server 

The following format can be used to install this certificate into a server. 

Base 64 encoded certificate 


Base 64 encoded certificate with CA certificate chain in pkcs7 format 


12.- Click import your certificate 

13.- I get message: "This certificate can not be verified and will not be imported. Maybe the issuer certificate is unknown or unreliable, perhaps the certificate expired or been revoked, or has not been approved."

Note: I added numbered images for more detail as well as the details of the certificate.
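
Added example, not part of the original post: a small Python triage of the certificate details quoted above against the causes the error message lists (unknown issuer, expiry, revocation). The function names are hypothetical, the field values are copied from the dump in the post, and the archive timestamp of the post is assumed to stand in for the client's clock; issuer trust and revocation cannot be decided from the dump, so the script only reports which CA and which OCSP URL the client has to trust and reach.

```python
import re
from datetime import datetime, timedelta, timezone
# Fields copied from the certificate dump in the post (hex values left out).
DUMP = """\
Issuer: CN=Certificate Authority,OU=pki-ca,O=mydomain Domain
Not Before: lunes 5 de mayo de 2014 22H49' CDT Mexico/General
Not After: sábado 1 de noviembre de 2014 21H49' CST Mexico/General
Location #0: URIName: http://pki.mydomain.mx:9180/ca/ocsp
Extended Key Usage:
1.3.6.1.5.5.7.3.2
1.3.6.1.5.5.7.3.4
"""

MONTHS = {m: i + 1 for i, m in enumerate(
    "enero febrero marzo abril mayo junio julio agosto septiembre octubre "
    "noviembre diciembre".split())}
UTC_OFFSET = {"CDT": -5, "CST": -6}  # zone abbreviations that appear in the dump
EKU_NAMES = {"1.3.6.1.5.5.7.3.2": "clientAuth",
             "1.3.6.1.5.5.7.3.4": "emailProtection"}
DATE_RE = re.compile(r"(\d+) de (\w+) de (\d{4}) (\d+)H(\d+)' (\w+)")

def parse_date(text):
    """Convert the Spanish-locale date string printed in the dump to UTC."""
    day, month, year, hour, minute, zone = DATE_RE.search(text).groups()
    local = datetime(int(year), MONTHS[month], int(day), int(hour), int(minute))
    return (local - timedelta(hours=UTC_OFFSET[zone])).replace(tzinfo=timezone.utc)

def parse_dump(text):
    """Extract the fields that bear on the causes named in the import error."""
    def field(name):
        return re.search(rf"^{name}: (.*)$", text, re.M).group(1).strip()
    oids = re.findall(r"^\s*([\d.]+)\s*$", text, re.M)
    return {"issuer": field("Issuer"),
            "not_before": parse_date(field("Not Before")),
            "not_after": parse_date(field("Not After")),
            "ocsp": re.search(r"URIName: (\S+)", text).group(1),
            "eku": [EKU_NAMES.get(oid, oid) for oid in oids]}

def triage(cert, client_now):
    """Turn each cause in the error message into something checkable."""
    return {"in_validity_window": cert["not_before"] <= client_now <= cert["not_after"],
            "margin_after_not_before": client_now - cert["not_before"],
            "issuer_to_trust": cert["issuer"],   # must be a trusted CA on the client
            "ocsp_to_reach": cert["ocsp"],       # must answer for revocation checks
            "eku": cert["eku"]}

# Assumption: the archive timestamp of the post stands in for the client clock.
POSTED = datetime(2014, 5, 6, 4, 4, 3, tzinfo=timezone.utc)
REPORT = triage(parse_dump(DUMP), POSTED)
```

`REPORT` shows the certificate inside its validity window at that time, but only about 15 minutes past Not Before, so the client's clock and time zone are worth confirming alongside the CA trust settings.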
