Om de ûnderfining foar jo te ferbetterjen is tydlik de funksjonaliteit dan dizze website troch ûnderhâldswurk beheind. Wannear in artikel jo probleem net oplost en jo in fraach stelle wolle, kin ús stipemienskip jo helpe yn @FirefoxSupport op Twitter en /r/firefox op Reddit.

Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

Import client certificate for website with selfsigned ssl certificate

  • 1 antwurd
  • 8 hawwe dit probleem
  • 2 werjeftes
  • Lêste antwurd fan n'Arno

more options

Hi,

I'm building a simple web tool box and i use a self-signed certificate for HTTP SSL encryption.

Furthermore, I'll use client certificate for authentication.

If i add an exception for the website, i can't later on install my client certificate (error message: the PKCS #12 operation failed for unknown reasons).

If i first add the client certificate, i can't then access the website to add an exception: sec_error_reused_issuer_and_serial

Even if i first add the my CA, it doesn't help.

Please find below the method i used to create my certificates:

  1. !/bin/bash

set -e

  1. Create the CA Key and Certificate for signing Client Certs

openssl genrsa -out ca.key 4096 openssl req -new -x509 -days 3650 -key ca.key -out ca.crt

  1. Create the Server Key, CSR, and Certificate

openssl genrsa -out server.key 2048 openssl req -new -key server.key -out server.csr

  1. We're self signing our own server cert here. This is a no-no in production.

openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

  1. Create the Client Key and CSR

openssl genrsa -out client.key 2048 openssl req -new -key client.key -out client.csr

  1. Sign the client certificate with our CA cert. Unlike signing our own server cert, this is what we want to do.

openssl x509 -req -days 3650 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt

  1. Build client PKCS12

openssl pkcs12 -inkey client.key -in client.crt -export -out client.pfx

Best Regards,

Hi, I'm building a simple web tool box and i use a self-signed certificate for HTTP SSL encryption. Furthermore, I'll use client certificate for authentication. If i add an exception for the website, i can't later on install my client certificate (error message: the PKCS #12 operation failed for unknown reasons). If i first add the client certificate, i can't then access the website to add an exception: sec_error_reused_issuer_and_serial Even if i first add the my CA, it doesn't help. Please find below the method i used to create my certificates: #!/bin/bash set -e # Create the CA Key and Certificate for signing Client Certs openssl genrsa -out ca.key 4096 openssl req -new -x509 -days 3650 -key ca.key -out ca.crt # Create the Server Key, CSR, and Certificate openssl genrsa -out server.key 2048 openssl req -new -key server.key -out server.csr # We're self signing our own server cert here. This is a no-no in production. openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt # Create the Client Key and CSR openssl genrsa -out client.key 2048 openssl req -new -key client.key -out client.csr # Sign the client certificate with our CA cert. Unlike signing our own server cert, this is what we want to do. openssl x509 -req -days 3650 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt #Build client PKCS12 openssl pkcs12 -inkey client.key -in client.crt -export -out client.pfx Best Regards,

Bewurke troch n'Arno op

Alle antwurden (1)

more options

In the end, i used a StartSSL free certificate for the server and my own CA for the client BUT using 2 different values for set_serial should do the trick.