Import client certificate for website with self-signed SSL certificate

  • 1 reply
  • 8 have this problem
  • 9 views
  • Last reply by n'Arno

Hi,

I'm building a simple web tool box and I use a self-signed certificate for HTTP SSL encryption.

Furthermore, I'll use a client certificate for authentication.

If I add an exception for the website, I can't later on install my client certificate (error message: the PKCS #12 operation failed for unknown reasons).

If I first add the client certificate, I can't then access the website to add an exception: sec_error_reused_issuer_and_serial

Even if I first add my CA, it doesn't help.

Please find below the method I used to create my certificates:

```bash
#!/bin/bash

set -e

# Create the CA Key and Certificate for signing Client Certs
openssl genrsa -out ca.key 4096
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt

# Create the Server Key, CSR, and Certificate
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr

# We're self signing our own server cert here. This is a no-no in production.
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

# Create the Client Key and CSR
openssl genrsa -out client.key 2048
openssl req -new -key client.key -out client.csr

# Sign the client certificate with our CA cert. Unlike signing our own server cert, this is what we want to do.
openssl x509 -req -days 3650 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt

# Build client PKCS12
openssl pkcs12 -inkey client.key -in client.crt -export -out client.pfx
```

Best Regards,

Modified by n'Arno

All Replies (1)

In the end, I used a StartSSL free certificate for the server and my own CA for the client BUT using 2 different values for set_serial should do the trick.
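
An added example, not part of the original thread, that checks a set of PEM certificates for the reused issuer-and-serial pair behind sec_error_reused_issuer_and_serial. The helpers `sign_leaf` and `make_demo_pki` and the `Demo CA` name are hypothetical; they build constructed throwaway test certificates with the `openssl` CLI.

```sh
#!/bin/sh
# Added example, not from the thread. RFC 5280 requires each certificate a CA
# issues to have a unique serial; NSS rejects a second cert reusing the pair.

# Print "issuer|serial" for one PEM certificate file.
issuer_serial() {
    printf '%s|%s\n' \
        "$(openssl x509 -in "$1" -noout -issuer)" \
        "$(openssl x509 -in "$1" -noout -serial)"
}

# Report every issuer|serial pair shared by two or more of the given
# certificates. Returns 1 if any pair is reused, 0 if all are unique.
reused_issuer_serial() {
    dups=$(for cert in "$@"; do issuer_serial "$cert"; done | sort | uniq -d)
    [ -z "$dups" ] && return 0
    printf 'reused issuer+serial: %s\n' "$dups" >&2
    return 1
}

# Hypothetical helper: sign_leaf <dir> <name> <serial>, using the CA in <dir>.
sign_leaf() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$1/$2.csr" -CA "$1/ca.crt" \
        -CAkey "$1/ca.key" -set_serial "$3" -out "$1/$2.crt" 2>/dev/null
}

# Hypothetical helper: build a throwaway CA plus server and client certs
# (constructed test data) in a new temp dir and print the dir's path.
# Usage: make_demo_pki <server_serial> <client_serial>
make_demo_pki() {
    dir=$(mktemp -d) &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    sign_leaf "$dir" server "$1" &&
    sign_leaf "$dir" client "$2" &&
    printf '%s\n' "$dir"
}

# Check real files when given: ./check.sh server.crt client.crt
if [ "$#" -gt 0 ]; then
    reused_issuer_serial "$@"
fi
```

Run against the files a signing script produces, a non-zero exit status flags the serial collision before any certificate is imported into a browser.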