View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001108||CATS.cacert.org||public||2012-10-29 22:51||2013-10-15 20:16|
|Summary||0001108: Unable to access CATS directly after client certificate import|
|Description||I wasn't able to access the CATS directly after I imported the client certificate into my browser.|
Firefox error message: SSL peer cannot verify your certificate.
It worked a few minutes later.
It seems that there is some kind of cronjob which syncs everything; if that's the case, we need to refactor this as this is confusing (why doesn't it work? oh, now it works!), frustrating (new assurers need the CATS test to be done, and probably they never used client certificates before) and more work for us ("bogus" support requests).
|Tags||No tags attached.|
No, there's no cronjob syncing certificate information or something like this. Acceptance of client certificates is negotiated between Apache server and your browser, there's no piece of CAcert software involved (unless you call the certificate itself "software").
One thing I could imagine is that the certificate was not accepted because the clock of the CATS server is not synchronized, and it currently is 3 minutes late.
So, if the time between certificate creation and your first try was less than three minutes the cert would have been rejected because the CAT server's time was before the "notBefore" time of the certificate.
Do you think that this could have be the reason for your problem?
Message from CATS server sysop:
We have an ntp running. I tried to do some investigation on this and I
could not verify it. The clock is synced now. I could not verify whether
ntpd was operating correctly before since the service was restarted
because of some problems which later turned out as some issues with
There is no need to install ntp on CATS since the clock is set by the
host system and should/can not be modified by the virtual environments.
||I guess the problem came from the out of sync clock, so according to SysOp it should be fixed now.|
|2012-10-29 22:51||TimoAHummel||New Issue|
|2012-12-27 17:04||Werner Dworak||Relationship added||related to 0001107|
|2013-04-06 22:03||Ted||Note Added: 0003864|
|2013-04-06 22:03||Ted||Assigned To||=> Ted|
|2013-04-06 22:03||Ted||Status||new => needs feedback|
|2013-04-07 13:06||Ted||Note Added: 0003865|
|2013-07-16 20:38||Ted||Note Added: 0004163|
|2013-07-16 20:38||Ted||Status||needs feedback => solved?|
|2013-07-16 20:38||Ted||Resolution||open => fixed|
|2013-10-15 20:16||INOPIAE||Status||solved? => closed|