Hello everyone,
Context
I have a website on my raspberry for my photos. I have created a client and server ssl certificate to secure the best
Result
On my brower "Pale M… (funda kabanzi)
Hello everyone,
Context
I have a website on my raspberry for my photos. I have created a client and server ssl certificate to secure the best
Result
On my brower "Pale Moon" (firefox fork), it works fine. When I go to my site, I am asked to validate the ssl client certificate before entering the site.
On Firefox, I immediatelly get the message :
400 Bad Request
No reuqired SSL certificate was sent.
I don't get any error code specific to Firefox
What I have done to client certifiat
Creation of authority certificate
I put in the file openssl.cnf :
[ req ]
default_md = sha1
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
countryName = Country
countryName_default = FR
countryName_min = 2
countryName_max = 2
localityName = Locality
localityName_default = France
organizationName = Organization
organizationName_default = Raspberry
commonName = Common Name
commonName_max = 64
[ certauth ]
subjectKeyIdentifier
And I execute the following command :
openssl req -config ./openssl.cnf -newkey rsa:2048 -nodes -keyform PEM -keyout ca.key -x509 -days 3650 -extensions certauth -outform PEM -out ca.cer
The key client
openssl genrsa -out client.key 2048
The CSR file
openssl req -config ./openssl.cnf -new -key client.key -out client.req
and then the certificat file :
openssl x509 -req -in client.req -CA ca.cer -CAkey ca.key -set_serial 101 -extfile openssl.cnf -extensions client -days 3650 -outform PEM -out client.cer
P12
In order to integrate my certificate in my browser, I convert to p12 format file
openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12
I then integrate my p12 certificate the same way under Pale Moon and Firefox
My question
How do I get Firefox to ask me for the client certificate without it ignoring it?
My certificat visible on Firefox attached