Project

General

Profile

Actions

Bug #6877

closed

nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set

Added by Bruno Grossmann about 8 years ago. Updated about 8 years ago.

Status:
Resolved
Priority:
Very Low
Assignee:
Category:
Certificates
Target version:
Start date:
10/26/2016
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

Using a GoDaddy server certificate. The server has both TLS Web Server Authentication and TLS Web Client Authentication EKU OIDs. Yet, the certificate manager screen states the certificate is not a server certificate.

Here is the certificate:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:69:e6:2f:b7:82:62:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
        Validity
            Not Before: Aug 31 17:13:39 2016 GMT
            Not After : Aug 31 17:13:39 2017 GMT
        Subject: OU=Domain Control Validated, CN=cloudmgr.cloudtransform.ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d9:4e:02:2b:0a:6e:28:79:a6:b3:c4:a7:95:11:
                    2b:4c:f3:ff:60:2d:44:29:18:f8:97:1a:1b:92:9b:
                    fb:4b:51:a5:ed:8c:57:99:8c:43:6c:4b:01:64:d4:
                    b6:ea:73:3b:64:2f:d8:84:33:7d:67:09:71:e2:fd:
                    81:46:af:32:fb:5c:bc:8d:01:1f:3b:43:d4:95:01:
                    6a:f4:c8:1d:4b:84:93:35:57:88:7d:c8:3a:36:b2:
                    af:bc:96:9a:7b:7c:98:29:d5:12:26:55:51:a0:d2:
                    2b:77:a2:31:4e:cf:20:90:35:f0:00:89:1f:1c:bb:
                    08:f8:1f:9a:e2:a8:5e:ec:79:fa:27:aa:6a:f6:e9:
                    54:e2:6b:98:9e:cc:3c:39:cd:fe:2e:50:82:66:7f:
                    fc:4b:7c:35:42:0a:a8:df:ae:d5:dc:55:43:f1:4d:
                    10:e6:a6:f8:b3:2f:7a:2d:2b:9c:8b:af:dc:16:23:
                    d6:25:3e:62:90:03:78:87:68:73:1e:22:98:0b:3e:
                    e7:b7:64:e6:e4:19:a2:56:73:8b:0a:62:06:fc:12:
                    cf:9b:59:a5:be:ed:3a:0d:03:b6:21:b9:c9:ce:1e:
                    e6:83:1d:3b:9c:5f:9b:23:a5:65:e9:d0:9a:29:68:
                    45:5c:93:b4:44:2d:c7:db:af:87:7b:bd:42:0b:46:
                    b0:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.godaddy.com/gdig2s1-295.crl

            X509v3 Certificate Policies:
                Policy: 2.16.840.1.114413.1.7.23.1
                  CPS: http://certificates.godaddy.com/repository/
                Policy: 2.23.140.1.2.1

            Authority Information Access:
                OCSP - URI:http://ocsp.godaddy.com/
                CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt

            X509v3 Authority Key Identifier:
                keyid:40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE

            X509v3 Subject Alternative Name:
                DNS:cloudmgr.cloudtransform.ca, DNS:www.cloudmgr.cloudtransform.ca
            X509v3 Subject Key Identifier:
                40:E1:91:BD:E9:1C:BF:9A:84:02:C5:06:B8:8C:A5:10:8D:8D:33:8E
    Signature Algorithm: sha256WithRSAEncryption
         80:77:6f:1b:66:91:e9:9f:92:0c:2c:b2:21:b1:f7:e2:15:4a:
         e7:c0:88:bb:a4:80:8c:f8:60:6f:62:8d:87:b8:04:f5:1c:67:
         83:45:d4:28:62:ac:d4:50:6b:46:7a:c0:28:7a:f9:f6:dc:19:
         52:24:27:0f:03:c2:22:c2:11:b2:38:55:cc:af:c0:2b:de:9e:
         9f:42:90:cd:0a:43:5c:4d:63:40:5b:97:3e:d4:54:6d:8c:63:
         ef:e6:8a:49:5b:ae:22:1e:64:14:32:1d:60:b8:51:0c:40:42:
         46:cf:1f:34:65:1b:61:58:4f:07:69:62:81:b7:57:04:9a:a2:
         23:c3:70:9d:80:75:f6:06:76:4f:52:33:fd:c2:c7:81:51:0b:
         12:3f:10:72:26:54:8d:4f:91:f0:0e:1a:66:3e:d7:86:46:4e:
         9f:3c:4f:3a:66:39:3e:86:ca:d0:9c:f1:69:f9:f1:b7:7b:7d:
         76:7c:6d:d1:0d:e0:9c:ed:1e:0b:d2:2a:96:96:29:51:88:a4:
         54:11:d7:7d:8e:64:f1:c1:a7:8f:6e:ea:35:ec:81:31:02:84:
         e9:11:7a:17:bf:3f:ff:c4:cb:3e:ae:54:cb:ff:5e:05:c7:b2:
         05:22:2e:59:eb:4a:de:08:e5:85:a8:9a:6e:80:85:14:ac:73:
         3f:ca:0a:e9

Files

cert_manager.png (96 KB) cert_manager.png Red rectangle highlights issue described above Bruno Grossmann, 10/26/2016 08:22 AM
Actions

Also available in: Atom PDF