Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Learn More

SSL nameConstraints and SEC_ERROR_BAD_DER

  • 6 trả lời
  • 1 gặp vấn đề này
  • 6 lượt xem
  • Trả lời mới nhất được viết bởi jscher2000

more options

Hello,

bellow ca and cert leads to the SEC_ERROR_BAD_DER error in Firefox. In Chrome it works ok. What is wrong?

ca:


BEGIN CERTIFICATE-----

MIIGWDCCBECgAwIBAgIUENZtuCf3Tob4s6huBzfC8ZAJkLEwDQYJKoZIhvcNAQEL BQAwUjELMAkGA1UEBhMCUEwxDzANBgNVBAcMBldhcnNhdzEYMBYGA1UECgwPKi5s b2NhbCBkb21haW5zMRgwFgYDVQQDDA8qLmxvY2FsIGRvbWFpbnMwIBcNMjAwOTE1 MTEwODI5WhgPMjEyMDA4MjIxMTA4MjlaMFIxCzAJBgNVBAYTAlBMMQ8wDQYDVQQH DAZXYXJzYXcxGDAWBgNVBAoMDyoubG9jYWwgZG9tYWluczEYMBYGA1UEAwwPKi5s b2NhbCBkb21haW5zMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyM+E 2qiGxytcwOgedhO5O7jQ1j1eYWic1nPbTJPvusCN48mEmwr8SrrfLtRnbKpql/R1 NxQpHLLnY2Yl+6wyfOa/bSickFr1i6MUhIo8E2QgzcxKz8ZhnURen/UHBDhVozIu zmnlEO8xlTJ7Oo8XYRKyA0AcZFKchOcJ5n0dLukWRma/fydZwkWFPqSON4Gph6l7 iINxzLhBwV9QzJqiJ2SoBK5TrpDuTrQ/S5s0lwtzF5bNAz7Unerdj18A00OcINso 7rov9USeKIxHNt2iNZB5QiUkwGqEOuv0D+COv0tBD/fghRYGCLD3kjz2ZlR3r+Ge 6JF/+veM68bUztLE80cjJQG0yTCG5FrkMg05bIZ45OZjIvAMDL/1UJXiANiJFYIv V9ePuXWfKJs//vU31fG44K27dB/IrFwepYVAbTSrPZnGCx9QlXiUpeW0TTBV6IKB AYzSl3t4FYpGFb52mWNlI639hI9GJ8LYnts4dO2U7jxRyQEnTjsF0NJolTyopVEl f2z3FRo3s7K5M8Qshm9mPkJp6wfo39EAQV3tNQnixvZl3lJGSsuK+y8OaAv1Dwvt iH1FWzxnDDKzqR1ZVjyIQlbUMiAzjIC1crGKUlm7Da7gF5x1BdWgyKB5i2+S3VyA r0x1Syi0VbNrW1JQfJRs98VDI96tZ/N8+r4lzeMCAwEAAaOCASIwggEeMB0GA1Ud DgQWBBQjEzbpKy4CdyO+MQ+9ncqhuBPmEjCBjwYDVR0jBIGHMIGEgBQjEzbpKy4C dyO+MQ+9ncqhuBPmEqFWpFQwUjELMAkGA1UEBhMCUEwxDzANBgNVBAcMBldhcnNh dzEYMBYGA1UECgwPKi5sb2NhbCBkb21haW5zMRgwFgYDVQQDDA8qLmxvY2FsIGRv bWFpbnOCFBDWbbgn906G+LOobgc3wvGQCZCxMAwGA1UdEwQFMAMBAf8wCwYDVR0P BAQDAgEGMFAGA1UdHgRJMEegEzAHggVsb2NhbDAIggYubG9jYWyhMDAKhwgAAAAA AAAAADAihyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADANBgkqhkiG 9w0BAQsFAAOCAgEAqBaI/6wL7AiaNO0A3/fW6Vs2Pv26GZ5MHCJ7utatgUWMeko6 VeA7ox1mI06Gtio/uZeAkcHWH3Mv8OTel09jPok524GhUCXZPWmy6Fw6UTqjCMZE BJE3DK4alXDyAd/huHu35HeG+yc4JcSjrMeWmXPp70YsfrfAHMFyu/xpsvasYFKR OLPNHvoOXSv2dE94RtrvTYchMb1Hny0T1UEq/9zKhfEyY+gL/49d5lnNc8gFflsN oxwQrJR5+Za2UhCk5eXtjihsHEEx5ATcWYKPWZjpJ1rzfBqy7GKdu6ooB/yItabq Mu9WGSgRDU//TvGgfppU0SdSGjdAfwPaxQMlNXzhdADzCshn+vrn3Dbjm0i1VVL3 ud/0I70SVNqQyBcH6qfieSL6Wzusz8HNKtTo7cTiIfQ9syUwLK+HZSOOaNkBsMvh c5BFUo6KReiea3+WSN912ZrVhXutA5TMhRNCnk2CWHnfJcKn69s1YErN36/OBHyP +Tyddb5wue/z5BF3yDEVJGbN+NLApIFC9GdqoRMmU6TRyIsGjIuWVqHrnZxLLYhs dB7bz3Di356w9E2ICKEy6g9OQHKHuL4MAzy9k3/ATQ6L/6DJsU60xDYNueLSBXaA gQ367qh5CSOq2Gh18Lyo1dNKRqhekhj+PQIIZrx7k9UhJGa4EEmFLNnOZ60=


END CERTIFICATE-----

cert:


BEGIN CERTIFICATE-----

MIIEOTCCAiGgAwIBAgIUFh/RK2IbfX8WuyuicSyTbnys14owDQYJKoZIhvcNAQEL BQAwUjELMAkGA1UEBhMCUEwxDzANBgNVBAcMBldhcnNhdzEYMBYGA1UECgwPKi5s b2NhbCBkb21haW5zMRgwFgYDVQQDDA8qLmxvY2FsIGRvbWFpbnMwIBcNMjAwOTE1 MTEyMDEyWhgPMjEyMDA4MjIxMTIwMTJaMB8xCzAJBgNVBAYTAlBMMRAwDgYDVQQD DAcqLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuERKh7lH TqrCC395M7gSoNAoXrM2TQ7xmBShuoeypCQaPHnufD40+3CxVWOUznC4k+OchDni TUcRJq6Zck3uRC5cC7H7vP6ULiwk5lTWZwKwmW8BTt/Qu+FnXBG+PLUF24s0Cqv4 wUOubU+/DamdwoufmYGjNxreddcJu8oCMuwJKGv3WTGmCsYHWmebrKE/ayw/MlWi 5oB8XrxpeZlD+po4H0rv1s2f1m4nXbEGjq3Wxdwh2dbwEQEMUjGNc+lRGS3evBo8 SF6+Ot8Wzfa/NYGlUcA3jYVHl9gMG398pGikrmTecXh5w0VOKJ4qSMhgzMqIH5WR DfT6VSG6AwZDqQIDAQABozgwNjALBgNVHQ8EBAMCBeAwEwYDVR0lBAwwCgYIKwYB BQUHAwEwEgYDVR0RBAswCYIHKi5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAgEAtClj BoRiitzzzr0H7hZGI4RWa17L9ou1cmwBC10fdrgOPON9Kwsh632t82/EGfHmRR3D KCVke12Qd7jTchGna03JU+0zuc+5WN5LuBc/1R0iYWVwHmYWQtkLuBaWEvOvsH4N 8Og37Gn0nI8UBCZd8V9MgIIhsAJ0pk8vNi0bv5TnZk5n+IZtpWTQZVZj3F/8tAN3 ZNwkec8RjLCKsXygwadKNxkuxMrecqIKrOsE+mxpHuxciEoQHIrlYmwS7fdUYdtk vzS7UrKopNj1uAMAd31XDeEs1aXsJDnF3mk3sdKyx7/Alv01GA9FCCQJpa+naOtP e6rxcoDk1ffGDUIKr1QJgVrKUco4jrwmYLMOSjEOwzDH1zcmMeOs97OP2qKZE9BI i3nPQno907odphdRz0NA3mGy70mz6pTnsYOPW/9QFL25A8dsD10OPSrGjmKkSyv0 rRnJCx5uYXuz5Yw2fO097n1z7jEGu9Ve27pvifG2pgT4PA1a3lWFDDlABo+cyDVB +OSvIWvr0YZpfQYam069AF2vtyqdw8FWHTlV9zH/6r3gXk9VrLBrzNWMCnUJwK7h Y8mnUwc9nVtWqwNxIS9oda4R7DImhEmNK3xz2lEpHIWVisd8p+TuTVHL2D22WzPX 76MD6hy8iNxOTr00+c+NcDzrqjH4FftkvEEg35g=


END CERTIFICATE-----

Tất cả các câu trả lời (6)

more options

SEC_ERROR_BAD_DER hi, this error code means "A certificate is not properly encoded according to ASN.1 (DER) encoding" according to https://wiki.mozilla.org/SecurityEngineering/x509Certs#Error_Codes_in_Firefox

Hữu ích?

more options

I called for more help.


Certificate 1 Check Result Expiry PASSED - Expires Aug 22 2120 (36499 days) Debian RSA Weak Key PASSED - Does not use a key on our blacklist - this is good Key Size PASSED (4096 bits) MD5 PASSED - Not using the MD5 algorithm SHA1 PASSED - Not using the SHA1 algorithm

Certificate 2 Certificate Checks Check Result Expiry PASSED - Expires Aug 22 2120 (36499 days) Debian RSA Weak Key PASSED - Does not use a key on our blacklist - this is good Key Size PASSED (2048 bits) MD5 PASSED - Not using the MD5 algorithm SHA1 PASSED - Not using the SHA1 algorithm

Hữu ích?

more options

So the second certificate appears to be for

*.local

I'm not seeing the Authority Key ID in that certificate. It should match the Subject Key ID of the signing certificate. If you use

right-click > View Page Info > Security > View Certificate

on a page in Firefox, you should see those fields for certificates that pass validation. When using an online decoder, it will appear in the Extensions section. For example:

https://ssltools.godaddy.com/views/certDecoder

Hữu ích?

more options

I have added the Authority Key ID to the cert, but still the same error:

new ca:


BEGIN CERTIFICATE-----

MIIGWDCCBECgAwIBAgIUE7H1DpI/9vsGARH4F+xEeFwR3kwwDQYJKoZIhvcNAQEL BQAwUjELMAkGA1UEBhMCUEwxDzANBgNVBAcMBldhcnNhdzEYMBYGA1UECgwPKi5s b2NhbCBkb21haW5zMRgwFgYDVQQDDA8qLmxvY2FsIGRvbWFpbnMwIBcNMjAwOTE2 MDgwNTE1WhgPMjEyMDA4MjMwODA1MTVaMFIxCzAJBgNVBAYTAlBMMQ8wDQYDVQQH DAZXYXJzYXcxGDAWBgNVBAoMDyoubG9jYWwgZG9tYWluczEYMBYGA1UEAwwPKi5s b2NhbCBkb21haW5zMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5g14 rKZ6ppAZfHQzx66IDjbt5Klu2uKuWK9JmQbZu+QkZZGYMflCIQfbd9yGP4H/s44w BL8Jr7P0pPSN15V7+75HU6sPaV8xENJzQQJdi8ZGJu1aUg9Sj2F7BQxNFNWUl4+7 1ZgII41gU6NprtbUpfO6thqANHl1qNxCdKBmJFMvoNwIGRL+wYerGfyAMeMIP9y3 k1dNx/MSEzM68SRDZrHTQedIZuNiP/zWtP88H/qZW9sKcsrgPRyLewCaVMiUnh26 cC4lYTkzoj6W/sW6YxYYIiK3H8TChYWfWuW4TAy/Y4zOCMmYkFTYATIlXc0GYP7V zPHmskwW0SGaIZmp6jHt8EN2pxqKF+uwGK1OByq8Te6TMa4gtwVo6QTe1E7NeY/l zQOB+iqTer1iND0gvQXxHccaaAMdH1po8xXT8nBBqfpXV2lyAIhafwhxQcXiCApx fdxSd/+gC8fskMw+1Q9O2NdfSgvpsnFIHBv5myqmhYnCG3pbYKr3kbA2NTg8E/ub b0FzEGWzhPT3By0jJJJ+Uh5hGrCi6IapCvmeqijfmkwg/OlDaua1oK7totwndZ17 Cp2y7XfxStTQx3rR/iVqkX+0j9oZRsHi+fF+5Q9h1sOUq2ULBPDse9iUU5YmyjK5 C8AdpzYPP4mXFn8ODbfaRyYVhTex06nymfNRb/UCAwEAAaOCASIwggEeMB0GA1Ud DgQWBBRdvo/N0BsWiTlMIxWnuYnjHBscLjCBjwYDVR0jBIGHMIGEgBRdvo/N0BsW iTlMIxWnuYnjHBscLqFWpFQwUjELMAkGA1UEBhMCUEwxDzANBgNVBAcMBldhcnNh dzEYMBYGA1UECgwPKi5sb2NhbCBkb21haW5zMRgwFgYDVQQDDA8qLmxvY2FsIGRv bWFpbnOCFBOx9Q6SP/b7BgER+BfsRHhcEd5MMAwGA1UdEwQFMAMBAf8wCwYDVR0P BAQDAgEGMFAGA1UdHgRJMEegEzAHggVsb2NhbDAIggYubG9jYWyhMDAKhwgAAAAA AAAAADAihyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADANBgkqhkiG 9w0BAQsFAAOCAgEAUZx9yFhWY9aI42JUU2jBJok5L53DV76xtHWkYN/IC4gdngdS bUnj+8v5VHX4IUrR/7BG3tCq9Fzhojhf6ubg4PK0OW9P7TFU8irVlr3S6RB7DWVg Iffr53eeBqcoHyRXlXSegLLqRzUIYSJBgmA6WIk4+LQTy6dpmGN9kBqU0O92gT2i PBgk42B16384FroRUyRi8VhN8k0PLLOrTxpBWDK217x9DAolv36GopyyhcE8o5Co 3te9B6WZz0hRWYTLehSsA/qqRHBjMHViKmkqb1oJF4YhiaeSXcteMC3fYGfyumZy u7CV8nlL3K1UcX92mFZtEz9SDOAL5tWBkqZpxbznwkBGe3EfUah82WANSUR1qlxX Ti0RbeniCmq3vt8/2vO5FWkTlt4EPN9PWRGYd5R8e+OjU3AVspJJLbekUBZo2A23 0esERbOiszQ1CuTx0KWNBkx5h9dfnrGSyYNwtral5O2qCQROxprLDEjU8DkKfidu 67cLAHWXGBg5VqDyVgLF/fFjhv1XvIaLoEKDKlhrmr7TP3WLy6M9rDbwAd2vR43Z fXsUXYYGfMBqLsd4QSlYPgHgUpfxAkcbHeL/SMJw4IrOs/yxp5C4k+4M2GKIiTGx Y+Tn7umXcOH+gzV7mZ2BpLBKBttvoRoWNe+PAYp4sMHx1XK7282EIEvXf2E=


END CERTIFICATE-----

new cert:


BEGIN CERTIFICATE-----

MIIE7DCCAtSgAwIBAgIUTXFL6O/5sW4KbTFO7EE8s/uXz7EwDQYJKoZIhvcNAQEL BQAwUjELMAkGA1UEBhMCUEwxDzANBgNVBAcMBldhcnNhdzEYMBYGA1UECgwPKi5s b2NhbCBkb21haW5zMRgwFgYDVQQDDA8qLmxvY2FsIGRvbWFpbnMwIBcNMjAwOTE2 MDg1MjExWhgPMjEyMDA4MjMwODUyMTFaMB8xCzAJBgNVBAYTAlBMMRAwDgYDVQQD DAcqLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Pve6vrU 5sGig2IKrTHgJ8/gqzkGyPJ1GcOGqCAPb7vWwgKBs9Qdh+djwceXj2FpB6H3SLgX ZMbwkgTF0kgTBTGZVHt3YwbhWVB3jX3az3HsJ6bVAspN9N+w4XmfoJrpvLknxz7d WjP4k4cOzGlbqTB5MMmR0jZ/HmrmeY9c1nXeiUkVQyn/SmtU8Luu4s1FSLyLpczU LovFFgeiGfUnl6JTZnoLaxPfXqJc8+6cUy3aR6zYYzc1kTMqRairzpxtpv/lOdMj v0faVSiKzw/WZfxoDQjOnU8t2ZA1pkkcMXfx1aWRiFU/uYYpokr7/wiHqwaw/771 sTkMytaAiaKz9wIDAQABo4HqMIHnMB0GA1UdDgQWBBRDMksO7uSs1dV51to6DSxg Ljv7ozCBjwYDVR0jBIGHMIGEgBRdvo/N0BsWiTlMIxWnuYnjHBscLqFWpFQwUjEL MAkGA1UEBhMCUEwxDzANBgNVBAcMBldhcnNhdzEYMBYGA1UECgwPKi5sb2NhbCBk b21haW5zMRgwFgYDVQQDDA8qLmxvY2FsIGRvbWFpbnOCFBOx9Q6SP/b7BgER+Bfs RHhcEd5MMAsGA1UdDwQEAwIF4DATBgNVHSUEDDAKBggrBgEFBQcDATASBgNVHREE CzAJggcqLmxvY2FsMA0GCSqGSIb3DQEBCwUAA4ICAQBIkrGxh+lLF1ebhc8kyMOj D+95d/fR9IOh6dvaCzp2wUBB+COHTP6u5pqIY0FYm3I/NepFiXSj0WCOUne9eHMt GT1wlzML1ybC1R8ZB2Fbt2I+onTfU5Bn+BombJWmP8eOJ5TdxDML5R3x5T6IJvvj JmhTozdW7tv2accG7GUzMiUzweCcRutE7wePvkDGZkpKpgMwPbSA6DCodINs3gxZ N9B71dvihvXDO0xCgERc8mEoEq93gwojhPv3PVGvADm7GkqJYeFwkhWBF3aKmqu8 kgXh4HoR6JwSrHpJtaQL6splyV4lvU7LAGXmELFFsqFtFJdLKnd4GUEXUHQGL4b/ Iu1vtx9ccR0smPYXMdee8DesqVdL/96OV1vRvE2m630VfoBNjM3add7ABC/1yDMn qzC9e9tOyQTs5JuQPmRER6lQnhYd4+eJwrDHRFfTwC+RFaM/7iM/FOwrev0LJRZ/ t4cpaT0KpyYd/lnkhRPTlrZXBTqs+FK5zDTLnwfrSjGV7eK5EApRb6VYFsl4BjjH XPNbws03wNzWfbDrttb+RSlz2uO+Cf2wNhLYVdtDUJ+iZBupyoHuLkHrOU44e+G+ /ZjJq6CfBfyGpU5c6O8u6OgcUWy2OUk0KHz/EeYnAt44ZytB4ojDYjz4nK3sz/Ua MZu2hVigIh6zh/kd2TEj7w==


END CERTIFICATE-----

Hữu ích?

more options

I have found what is wrong. FF does not accept wildcards for the top level domains, so I can't issue a cert for *.local, but I can for *.project.local

Hữu ích?

more options

That makes sense. Thank you for reporting back on that.

Hữu ích?

Đặt một câu hỏi

Bạn phải đăng nhập vào tài khoản của bạn để trả lời bài viết. Vui lòng bắt đầu một câu hỏi mới, nếu bạn chưa có tài khoản.