View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001054 | Main CAcert Website | source code | public | 2012-05-31 04:01 | 2021-08-25 13:37 |
Reporter | INOPIAE | Assigned To | Ted | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | needs review & testing | Resolution | open | ||
Summary | 0001054: Review the code regarding the new point calculation in ./includes/general.php | ||||
Description | Check if the point calculation is adjusted according to the new points calculation. | ||||
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||
related to | 0000872 | needs work | INOPIAE | Main CAcert Website | PoJAM restricitions to apply to production system (several restrictions) PoJAM 3.3,, 4.1, 4.2 |
related to | 0001096 | closed | Main CAcert Website | Assurance over Locked-Account shall be impossible | |
related to | 0000835 | closed | Ted | test.cacert.org | Assurer challenge and ssl certificat |
related to | 0001098 | solved? | Ted | test.cacert.org | logout from cats testserver under ca-mgr1 results in weak link |
related to | 0000440 | closed | NEOatNHNG | Main CAcert Website | Problem with subjectAltName |
related to | 0001017 | closed | NEOatNHNG | Main CAcert Website | Chrome certificate enrollement |
related to | 0001035 | closed | Main CAcert Website | CN gets deleted from subjectAltName on cert renewal | |
related to | 0000827 | closed | egal | Main CAcert Website | Tverify points to be deprecated |
related to | 0000114 | closed | Main CAcert Website | Revocation Reason | |
related to | 0001208 | closed | BenBE | Main CAcert Website | Improve readability of "Assure someone" page |
parent of | 0000301 | closed | Main CAcert Website | Modification of the assurance system to track deletions | |
related to | 0001101 | needs work | TimoAHummel | Main CAcert Website | general rewrite of get info from csr routine in includes/general.php |
related to | 0001042 | needs review & testing | Eva | Main CAcert Website | Review the code regarding the new point calculation |
related to | 0001134 | closed | NEOatNHNG | Main CAcert Website | Delete the board flag thourougly in all parts of our software |
related to | 0001216 | new | Main CAcert Website | Assure Someone Page Broken; TTP Assurer is pushed to make a false statement, assurance clashes regarding F2F confirmation | |
related to | 0001177 | closed | BenBE | Main CAcert Website | Combine wot.inc.php, notary.inc.php and temp-function.php |
related to | 0000769 | needs work | Ted | Main CAcert Website | Client certificate broken with unicode |
|
Dirk has done some changes which are available on the test server. Are they complete? |
|
potential test scenarios affected by source code changes: pages/wot/15.php my details - my points - new calculation pages/wot/6.php assure someone, methods F2F and TTP includes/general.php www.cacert.org and secure.cacert.org switch language detection switch "locked accounts" loadem section account.php?x index.php?y secure pwd validation (points regarding strong passwords) check on name parts, email address, dictionary cert subjectAltname routine, Common Name check on CSR's subjAltnames check, OU check on Org certs maxpoints routine, returns points you can issue check on points + assurer challenge levels and age of assurer (eg lt 18?) ping tests adding to pinglog table || why is philipp@c.o as rcpt added in line 642 ?!? || -> use function-alias eg support or sysadmin get-assurer-status checks: cats test passed, maxpoints, assurer-blocked no-assurer text switch is_assurer() using get-assurer-status generate-cert-path: client certs, server certs, org client certs, org server certs switch includes/notary.inc.php get_number_of_assurances() get_number_of_assurees() get_top_assurer_position() get_top_assuree_position() get_given_assurances() get_received_assurances() get_given_assurances_summary() get_received_assurances_summary() get_cats_state() calc_experience() calc_assurances() show_user_link() name="" -> "System" or "Deleted account" get_assurer_ranking() get_assuree_ranking() output_ranking() general: output member mypoints (new calculation) and admin console new calculation check_date_limit(age) eg. PoJAM case calculation calc_points() max_points() output_summary_content() tested age limits 18, 14 AssureMethodLine() eg assure someone with addtl. flags eg TTP, and potential others |
|
u14.1054@acme.com DOB 1.1.2000 assured with 35 points => no assurer => ok added 70 points via batch => no assurer => OK added CATS => shows assuer with 10 points => false added 1 assurance added => assurance possible => false u18.1054@acme.com DOB 1.1.1996 assured with 35 points => no assurer => ok added 70 points via batch => no assurer => OK added CATS added 1 assurance =>ok added 5 assurances via batch All assurance show 10 points => ok account has now 6 assurances wot.id 15 show you can grant up to 15 points => should show 10 points added new assurance with 20 points Points reduced to 10 points according to PoJAM my admin account Added TTP assurance to oa.reinhard@acme.com with 35 points. => ok |
|
test 1054.2.1 3 users 1054.2.1.user1@w.d 1054.2.1.admin1@w.d 1054.2.1.ttpadmin1@w.d login 1054.2.1.admin1@w.d set ttpadmin flag on 1054.2.1.ttpadmin1@w.d => ok login 1054.2.1.ttpadmin1@w.d assure someone 1054.2.1.user1@w.d 3 checkboxes F2F TTP A + - I certify that bug1004 userb4 has appeared in person "Only tick the next box if the Assurance was face to face." for TTP assurance this sentence is wrong B + + I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible. original documentation? F2F - cap form TTP - ttpcap documentation C + + I have read and understood the Assurance Policy and the Assurance Handbook and am making this Assurance subject to and in compliance with the policy and handbook. => ok, except the "Only tick the next box if the Assurance was face to face." new points: for TTP assurance no experience points counted => ok for F2F assurance 2 experience points counted => ok f2f assurance A not set => passes relates to points removal, reapply thawte patch 1023 or so B set => ok C set => ok |
|
assure someone user f2f only method line no longer appears => ok update 56ca0c87 assure someone user ttpadmin, make ttp method line, ttp selected checkboxes A, B not set, C set => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert I have explicitly set checkbox B in TTP assurance too but this conflicts with line of info text: "Only tick the next box if the Assurance was face to face." |
|
release: 307f995b assure someone user f2f only method line no longer appears => ok "Only tick the next box if the Assurance was face to face." line no longer appears => ok assure someone user ttpadmin, make ttp method line, ttp selected "Only tick the next box if the Assurance was face to face." line no longer appears => ok checkboxes A not set, B + C set => ok |
|
I have ported changes that were present in the now deleted wot.inc.php and also did some minor improvements. |
|
created new user 1054.2.1.user2@w.d login 1054.2.1.ttpadmin1@w.d assure someone: 1054.2.1.user2@w.d F2F assurance no checkboxes set ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert => ok all 3 set passed => ok new points calc display 261751 2012-09-04 Bug1054.2.1 User2 35 F2F of ttpadmin with selection F2F Face to Face Meeting 2 => ok created new user 1054.2.1.user3@w.d login 1054.2.1.ttpadmin1@w.d assure someone: 1054.2.1.user3@w.d TTP-assisted-assurance no checkboxes set ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert => ok checkboxes set: I certify that Bug1054.2.1 User3 has appeared in person => No I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. => yes I have read and understood AP => yes passed => ok new points calc display 261752 2012-09-04 Bug1054.2.1 User3 35 TTP assurance, req ID [], req from 2012-08-28, TTP 2012-08-28 Trusted Third Parties <> (empty points field) => ok Summary: new points: for TTP assurance no experience points counted => ok for F2F assurance 2 experience points counted => ok checkboxes F2F TTP i certify + - i believe + + i have read + + all ok |
|
1054.1.1 new points calculation display (15.php) summary of tables points given, points received moved 2 columns to the right => fail (10.php is ok) |
|
1054.3.7 maxpoints routine, returns points you can issue new points calc display (15.php) max 35 => ok assure someone: max 35 => ok |
|
1054.4.1 get_number_of_assurances() Assurer Ranking You have made 30 assurances which ranks you as the 0000030 top assurer. manual counted 35 assurances total 30 assurances F2F 5 assurances TTP => ok proposal: You have made 30 assurances which ranks you as the 0000030 top assurer. *) *) note: F2F assurances only |
|
1054.4.3 get_top_assurer_position() 1054.4.4 get_top_assuree_position() Assurer Ranking You have made 30 assurances which ranks you as the 0000030 top assurer. You have received 3 assurances which ranks you as the 0000204 top assuree. 0000030 assurer => ok 0000204 assuree => ok |
|
1054.1.1 column prob reviewed own points 15.php Total Assurance Points: (3 columns) => ok login as admin, search user: assurances user got - new calc (43.php) Total Assurance Points: (5 columns) => ok assurances user gave - new calc (43.php) Total Points Issued: (5 columns) => ok |
|
scenario: 1054.3.3 new user 1054.3.3.user1@w.d 100 assurance points assurer challenge passed 5 batch assurances set flags: lock account try to login 1054.3.3.user1@w.d wrong email or wrong password => error message is misleading, but ok login admin search user 1054.3.3.user1@w.d state: account locked Account State Account inconsistency: Users record locked set code: 4 Account inconsistency can cause problems in daily account operations and needs to be fixed manually through arbitration/critical team. login assurer assure someone 1054.3.3.user1@w.d assurance is possible, passed 261767 2012-09-05 Bug1054.3.3 User1 35 test to locked account user Face to Face Meeting 2 => mmh, but ok filed as separate bug assurance over potential weak user account ?!? read https://bugs.cacert.org/view.php?id=1096 |
|
1054.3.1 (a) cacert / (b) secure switch test (a) http://cacert1.it-sls.de/index.php?id=13 (Donations footer link) http://cacert1.it-sls.de/index.php?id=51 (mission statement footer link) http://cacert1.it-sls.de/index.php?id=11 (contact us footer link) login to useraccount ... results in https://cacert1.it-sls.de link using cert login cert login to another user account results in: https://secure1.it-sls.de link (b) https://secure1.it-sls.de/account.php?id=38 (donations secure footer link) mission statement under secure link still don't exist https://secure1.it-sls.de/account.php?id=40 (contact us secure footer link) (a) cacert / (b) secure switch test works => Ok |
|
1054.3.5 secure pwd validation (points regarding strong passwords) check on name parts, email address, dictionary testing pwd changes with 1054.2.1.user3@w.d shortest known Pwd: Failure: Pass Phrase not Changed The Pass Phrase you submitted was too short. => ok using email alias Failure: Pass Phrase not Changed The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored 1 points out of 6. => ok using name Failure: Pass Phrase not Changed The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored 2 points out of 6. => ok using 2 english known words (from dictionary) Failure: Pass Phrase not Changed The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored 2 points out of 6. => ok old Fred pwd Failure: Pass Phrase not Changed The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored 0 points out of 6. => ok using strong pwd Pass Phrase Changed Successfully Your Pass Phrase has been updated and your primary email account has been notified of the change. => ok |
|
Test 1054.3.2 On Test Ssytem open homepage change translation language to Spanish Login into account with account language English => shows English If use go home switch back to Spanish Login again English Logout => stays English On Productive Ssytem open homepage change translation language to Spanish Login into account with account language English => shows English If use go home switch back to Spanish Login again English Logout => stays English Both systems show same behavior |
|
1054.3.8 age limits (a) < 14 Bug1054.3.8.UserLT14 1.1.2000, 100 AP, passed CATS (b) 14 < 18 Bug1054.3.8.UserIs15 1.1.1997, 100 AP, (c) > 18 Bug1054.3.8.UserGT18 1.1.1990, 100 AP test I receive assurances test II give assurances test III pass cats test testmatrix a b c rcvd assurance pass x1), x2) pass x1) x4) pass x6) give assurances requires III requires III requires III pass cats unknown x3) unknown x5) unknown x7) x1) in theory, this is a PoJAM assurance that needs an extra line: parental consent established but is not yet implemented in production x2) new calculation 15.php Summary of your Points Description Points Countable Points Remark Assurance Points you received 135 100 Limit reached Total Experience Points by Assurance 0 0 Total Experience Points (other ways) 0 0 Total Points 100 You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer x3) logged-in (<14 years old) https://cacert1.it-sls.de/wot.php?id=2 "Becoming an Assurer" link exist includes link to https://cats.cacert.org/ cats test on testserver link is: https://cats1.it-sls.de first create client cert for user with Enable certificate login with this certificate passed CATS test, needs transfer to cacert1 => ted, michael with request to response for re-check the result cats passed logout from cats server (testserver ca-mgr1) results in link: https://cats1.it-sls.de//index.php? ^^ x4) Summary of your Points Description Points Countable Points Remark Assurance Points you received 135 100 Limit reached Total Experience Points by Assurance 0 0 Total Experience Points (other ways) 0 0 Total Points 100 You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer x5) logged-in (15 years old) https://cacert1.it-sls.de/wot.php?id=2 "Becoming an Assurer" link exist includes link to https://cats.cacert.org/ cats test on testserver link is: https://cats1.it-sls.de first create client cert for user with Enable certificate login with this certificate cats passed logout from cats server (testserver ca-mgr1) results in link: https://cats1.it-sls.de//index.php? ^^ x6) Summary of your Points Description Points Countable Points Remark Assurance Points you received 135 100 Limit reached Total Experience Points by Assurance 0 0 Total Experience Points (other ways) 0 0 Total Points 100 You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer x7) logged-in (GT 18 years old) https://cacert1.it-sls.de/wot.php?id=2 "Becoming an Assurer" link exist includes link to https://cats.cacert.org/ cats test on testserver link is: https://cats1.it-sls.de first create client cert for user with Enable certificate login with this certificate cats passed logout from cats server (testserver ca-mgr1) results in link: https://cats1.it-sls.de//index.php? ^^ cannot continue with this test series until the CATS tests made on the CATS test testserver are transfered to cacert1.it-sls.de |
|
1054.4.12 show_user_link() name="" -> "System" or "Deleted account" create 2 user accounts, with 100 AP and passed CATS each where to find "System" ? doing assurances ... experience points issued under My Points 10.php: Your Assurance Points ID Date Who Points Location Method 261780 2012-09-12 02:08:58 John 0 Doe 35 CAcert Test Manager Face to Face Meeting 261781 2012-09-12 02:08:58 John 1 Doe 35 CAcert Test Manager Face to Face Meeting 261782 2012-09-12 02:08:58 John 2 Doe 30 CAcert Test Manager Face to Face Meeting 261787 2012-09-12 Bug1054.4.12 User1 2 @home, CCA+ Administrative Increase 261789 2012-09-12 Bug1054.4.12 User1 2 @home, PoJAM+, CCA+ Administrative Increase Total Points: 104 Assurance Points You Issued ID Date Who Points Location Method 261786 2012-09-12 Bug1054.4.12 User2 0 @home, CCA+ Face to Face Meeting 261788 2012-09-12 Bug1054.3.8 UserIs15 0 @home, PoJAM+, CCA+ Face to Face Meeting Total Points Issued: 0 under My Points 15.php: Summary of your Points Description Points Countable Points Remark Assurance Points you received 100 100 Total Experience Points by Assurance 4 4 Total Experience Points (other ways) 0 0 Total Points 104 You may issue up to 10 points Assurance Points You Issued ID Date Who Points Location Method Experience Points 261786 2012-09-12 Bug1054.4.12 User2 10 @home, CCA+ Face to Face Meeting 2 261788 2012-09-12 Bug1054.3.8 UserIs15 10 @home, PoJAM+, CCA+ Face to Face Meeting 2 Total Points Issued: 20 Total Experience Points: 4 Your Assurance Points ID Date Who Points Location Method Experience Points 261780 2012-09-12 02:08:58 John 0 Doe 35 CAcert Test Manager Face to Face Meeting 0 261781 2012-09-12 02:08:58 John 1 Doe 35 CAcert Test Manager Face to Face Meeting 0 261782 2012-09-12 02:08:58 John 2 Doe 30 CAcert Test Manager Face to Face Meeting 0 Total Assurance Points: 100 Total Experience Points: 0 "System" doesn't show up 10.php lists "Bug1054.4.12 User1" (own name) under listed administrative increase experience points User2: login Admin (SE permissions) search Bug1054.4.12.User2@w.d walk through: https://wiki.cacert.org/Arbitrations/Training/Lesson20/DeleteAccountProcSEv3 procedure (not yet deleted) under other users account, assurance is listed as: a1054.4.12.1 a1054.4.12.1 under 15.php same, except the experience points are not listed as individual administrative increases but as assurance record, counted with 2 experience pts each assurance relogin Admin account search user a1054.4.12.1@w.d delete account() results in message: "I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!" relogin to user account that assured deleted user new calculation 15.php shows: assurance over: a1054.4.12.1 a1054.4.12.1 "Deleted Account" doesn't show up "Deleted Account" probably is displayed once the user created the account, but still hasn't confirmed it and an assurer has passed an assurance over this still unverified user account. After 24/48 hours, the cleanup routine kills this user account and probably the assurer reads "Deleted Account" create new test user account 0000003 login to assurer #1 assure someone -> Bug1054.4.12.user3@w.d results in: ERROR: User is not yet verified. Please try again in 24 hours! Test scenario cannot pass |
|
1054.3.8 age limits (cont.) (a) < 14 Bug1054.3.8.UserLT14 1.1.2000, 100 AP, passed CATS (b) 14 < 18 Bug1054.3.8.UserIs15 1.1.1997, 100 AP, passed CATS (c) > 18 Bug1054.3.8.UserGT18 1.1.1990, 100 AP, passed CATS test I receive assurances test II give assurances test III pass cats test testmatrix ................... a ............. b ............. c ......... rcvd assurance ... pass .......... pass .......... pass give assurances .. avail, fail x1) pass ok, x2) .. pass ok, x3) pass cats ........ pass .......... pass .......... pass verification step III (a) Bug1054.3.8.UserLT14 Summary of your Points Description Points Countable Points Remark Assurance Points you received 135 100 Limit reached Total Experience Points by Assurance 0 0 Total Experience Points (other ways) 0 0 Total Points 100 You may issue up to 10 points ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ => not ok assure someone link is available => not ok x1) u14 isn't allowed to do assurances as this is the current state of the software, this isn't a bug here to follow PoJAM policy a separate bug is filed https://bugs.cacert.org/view.php?id=872 expected: new calculation 15.php you've passed CATS test, however you disqualify as an assurer by PoJAM restrictions (b) Bug1054.3.8.UserIs15 Summary of your Points Description Points Countable Points Remark Assurance Points you received 145 100 Limit reached Total Experience Points by Assurance 0 0 Total Experience Points (other ways) 0 0 Total Points 100 You may issue up to 10 points => ok assure someone link is available => ok x2) between age of 14 and 18, an assurer can issue upto max 10 assurance points no matter of experiences doing 5 assurances 10 AP each => ok doing more then 5 assurances max 10 AP each (limited) => ok Assurance Points You Issued ID Date Who Points Location Method Experience Points 261791 2012-09-12 bug1004 userb4 10 PoJAM assurer, CCA+ Face to Face Meeting 2 261793 2012-09-12 Bug1070 User 10 PoJAM assurer, CCA+ Face to Face Meeting 2 261795 2012-09-12 bug1004 userb5 10 PoJAM assurer, CCA+ Face to Face Meeting 2 261797 2012-09-12 Bug1004 User2 10 PoJAM assurer, CCA+ Face to Face Meeting 2 261799 2012-09-12 bug1004 userb3 10 PoJAM assurer, CCA+ Face to Face Meeting 2 261801 2012-09-12 Bug 846 User2 10 PoJAM assurer, CCA+ Face to Face Meeting 2 261803 2012-09-12 Bug922 User2 10 PoJAM assurer, CCA+ Face to Face Meeting 2 Total Points Issued: 70 Total Experience Points: 14 => ok (c) Bug1054.3.8.UserGT18 Summary of your Points Description Points Countable Points Remark Assurance Points you received 135 100 Limit reached Total Experience Points by Assurance 0 0 Total Experience Points (other ways) 0 0 Total Points 100 You may issue up to 10 points => ok assure someone link is available => ok x3) over 18, assurer follows regular experience levels first 5 assurances -> max 10 AP 2nd set of 5 assurances -> max 15 AP and so forth doing 5 assurances 10 AP each => ok doing assurances 6-10, 15 AP each => ok doing assurances 11-15, 20 AP each => ok doing assurances 16-20, 25 AP each => ok doing assurances 21-25, 30 AP each => ok doing assurances 25 and more, max 35 AP each => ok |
|
1054.3.9 write PingLog entries in SA project team meeting, NEO checked PingLog table last entries from last weeks Tuesdays meeting of bug1054 test users => ok |
|
1054.4.19 "how many points an assurer can award at max" checked in several tests 1054.4.20 output_summary_content() tested age limits 18, 14 (see also 1054.3.8) tested under 1054.3.8 1054.3.4 loadem routine, several tests doesn't disclose a problem in switching between different pages (different id=x pages) 1054.4.19 max_points() how many points an assurer can award at max tested under 1054.4.19 1054.4.9 get_cats_state() newpoints 15.php several times checked, ok 1054.4.10 calc_experience() calculate EP points summarize, no anomaly detected in tests, ok 1054.4.11 calc_assurances() calculate AP points summarize, no anomaly detected in tests, ok 1054.4.13 get_assurer_ranking() stats for 15.php, no anomaly detected in tests, ok 1054.4.14 get_assuree_ranking() stats for 15.php no anomaly detected in tests, ok 1054.4.15 output_ranking(), tested under 1054.4.13 + 1054.4.14 1054.3.10 get-assurer-status< > checks: cats test passed, maxpoints, assurer-blocked. cats passed tested, maxpoints tested, assurer-blocked not yet tested 1054.3.11 no-assurer text switch, checked, ok 1054.3.12 is_assurer() using get-assurer-status, checked, ok 1054.3.13 generate-cert-path: client certs, server certs, org client certs, org server certs switch, several certs created, signed certs received, so procedure works as expected, low level check impossible for software testers. ok |
|
scenario 1054.3.10 new user 1054.3.10.user1@w.d setting 100 AP, assurer challenge, 50 EP login 1054.3.10.user1@w.d assure someone: 1054.2.1.user1@w.d max points (0) enter points: 35 15.php: 0 pts awarded -NEO did some changes- again: assure someone: Bug1054.2.1 User3 max points (35) enter points: 35 15.php: 35 pts awarded setting block assurer flag login user: 1054.3.10.user1@w.d assure someone "ERROR: Sorry, you are not allowed to be an Assurer. Please contact cacert-support@lists.cacert.org if you feel that this is not corect." ^^ correct with two "r" => ok unblock assurer test again assure someone: Bug1054.3.8 UserGT18 max points: (35) enter points: 35 15.php: 35 pts awarded => ok setting block assurer flag Assure someone: -> error message (see above) 15.php summary: Summary of your Points Description Points Countable Points Remark Assurance Points you received 100 100 Total Experience Points by Assurance 56 50 Limit reached Total Experience Points (other ways) 0 0 Total Points 150 You may issue up to 35 points ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ wrong message: shall be "assurer status blocked" or similar message => not ok in 15.php |
|
1054.3.6 part I test #1 - client certs variations using bug 0000440 test account, 150pts assurer similar to test https://bugs.cacert.org/view.php?id=440#c2833 re-test create client cert a) email 1 class1 no name enable cert login create client cert install client cert x1) Valid certs.test@w.d 115C Not Revoked 2012-10-20 21:04:00 serno: 115c displ.name: CAcert WoT User -> ok valid from/to: 20.09.2012 23:04:00 / 20.10.2012 23:04:00 -> ok owner: E = certs.test@w.d, CN = CAcert WoT User -> ok extended key usage: Nicht kritisch E-Mail-Schutz (1.3.6.1.5.5.7.3.4) TLS-Web-Client-Authentifikation (1.3.6.1.5.5.7.3.2) Microsoft-Dateisystemverschlüsselung (1.3.6.1.4.1.311.10.3.4) Microsoft servergesperrte Kryptographie (1.3.6.1.4.1.311.10.3.3) Netscape servergesperrte Kryptographie (2.16.840.1.113730.4.1) certs alternate name Nicht kritisch E-Mail-Adresse: certs.test@w.d => all ok b) email 1 class3 no name enable cert login create client cert install client cert x1) Valid certs.test@w.d 10D6 Not Revoked 2012-10-20 21:14:31 serno: 10D6 displ.name: CAcert WoT User -> ok valid from/to: 20.09.2012 23:14:31 / 20.10.2012 23:14:31 -> ok owner: E = certs.test@w.d, CN = CAcert WoT User -> ok extended key usage: Nicht kritisch E-Mail-Schutz (1.3.6.1.5.5.7.3.4) TLS-Web-Client-Authentifikation (1.3.6.1.5.5.7.3.2) Microsoft-Dateisystemverschlüsselung (1.3.6.1.4.1.311.10.3.4) Microsoft servergesperrte Kryptographie (1.3.6.1.4.1.311.10.3.3) Netscape servergesperrte Kryptographie (2.16.840.1.113730.4.1) certs alternate name Nicht kritisch E-Mail-Adresse: certs.test@w.d => all ok c) email 1 class1 "Certs Test" enable cert login create client cert install client cert x1) Valid certs.test@w.d 115D Not Revoked 2012-10-20 21:26:44 serno: 115d displ.name: Certs Test -> ok owner: E = certs.test@w.d, CN = Certs Test -> ok extended key usage -> ok cert alternate name: Nicht kritisch E-Mail-Adresse: certs.test@w.d -> => all ok d) email 1 class3 "Certs Test" enable cert login create client cert install client cert x1) Valid certs.test@w.d 10D7 Not Revoked 2012-10-20 21:32:52 serno: 10d7 displ.name: Certs Test -> ok owner: E = certs.test@w.d, CN = Certs Test -> ok extended key usage -> ok cert alternate name: Nicht kritisch E-Mail-Adresse: certs.test@w.d -> ok => all ok e) email 1 class1 "Certs Sub Test" enable cert login create client cert install client cert x1) Valid certs.test@w.d 115E Not Revoked 2012-10-20 21:37:02 serno: 115e displ.name: Certs Sub Test -> ok owner: E = certs.test@w.d, CN = Certs Sub Test -> ok extended key usage -> ok cert alternate name: Nicht kritisch E-Mail-Adresse: certs.test@w.d -> ok => all ok f) email 1 class3 "Certs Sub Test" enable cert login create client cert install client cert x1) Valid certs.test@w.d 10D8 Not Revoked 2012-10-20 21:46:32 serno: 10d8 displ.name: Certs Sub Test -> ok owner: E = certs.test@w.d, CN = Certs Sub Test -> ok extended key usage: Nicht kritisch E-Mail-Schutz (1.3.6.1.5.5.7.3.4) TLS-Web-Client-Authentifikation (1.3.6.1.5.5.7.3.2) Microsoft-Dateisystemverschlüsselung (1.3.6.1.4.1.311.10.3.4) Microsoft servergesperrte Kryptographie (1.3.6.1.4.1.311.10.3.3) Netscape servergesperrte Kryptographie (2.16.840.1.113730.4.1) certs alternate name Nicht kritisch E-Mail-Adresse: certs.test@w.d => all ok x1) runs into fix https://bugs.cacert.org/view.php?id=1017 /account.php?id=6 list 3 options a. Install the certificate into your browser b. Download the certificate in PEM format c. Download the certificate in DER format using a. with FF see also https://bugs.cacert.org/view.php?id=440#c3203 |
|
1054.3.6 part II test 0000002 - server certs variations similar to test https://bugs.cacert.org/view.php?id=440#c2839 re-test using prev account from bug#440 testing using prev used domain under bug#440 testing openssl genrsa -out test1-avintec-com-512.key 512 openssl req -new -key test1-avintec-com-512.key -out test1-avintec-com-512.csr paste csr sign class1 <paste> submit error/warning "The keys that you use are very small and therefore insecure. Please generate stronger keys. More information about this issue can be found in the wiki" => ok openssl genrsa -out test1-avintec-com-1024.key 1024 openssl req -new -key test1-avintec-com-1024.key -out test1-avintec-com-1024.csr sign class1 <paste> submit Please make sure the following details are correct before proceeding any further. CommonName: test1.avintec.com No additional information will be included on certificates because it can not be automatically checked by the system. submit returns: Below is your Server Certificate -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- new file test1-avintec-com-1024-signed-c1.key <paste> key in list: Valid test1.avintec.com 115F Not Revoked 2012-10-21 12:19:20 openssl x509 -text -in test1-avintec-com-1024-signed-c1.key -noout .................................................................... Certificate: Data: Version: 3 (0x2) Serial Number: 4447 (0x115f) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1 .it-sls.de, CN=CAcert Testserver Root Validity Not Before: Sep 21 12:19:20 2012 GMT Not After : Oct 21 12:19:20 2012 GMT Subject: CN=test1.avintec.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): [...] Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication, Ne tscape Server Gated Crypto, Microsoft Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org/ X509v3 CRL Distribution Points: URI:http://crl.cacert.org/revoke.crl X509v3 Subject Alternative Name: DNS:test1.avintec.com, othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption .................................................................... => ok openssl genrsa -out test1-avintec-com-2048.key 2048 openssl req -new -key test1-avintec-com-2048.key -out test1-avintec-com-2048.csr sign class1 <paste> submit Please make sure the following details are correct before proceeding any further. CommonName: test1.avintec.com No additional information will be included on certificates because it can not be automatically checked by the system. submit returns: Below is your Server Certificate -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- new file test1-avintec-com-2048-signed-c1.key <paste> key in list: Valid test1.avintec.com 1160 Not Revoked 2012-10-21 12:43:39 openssl x509 -text -in test1-avintec-com-2048-signed-c1.key -noout ...................................................... Certificate: Data: Version: 3 (0x2) Serial Number: 4448 (0x1160) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1 .it-sls.de, CN=CAcert Testserver Root Validity Not Before: Sep 21 12:43:39 2012 GMT Not After : Oct 21 12:43:39 2012 GMT Subject: CN=test1.avintec.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): [...] Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication, Ne tscape Server Gated Crypto, Microsoft Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org/ X509v3 CRL Distribution Points: URI:http://crl.cacert.org/revoke.crl X509v3 Subject Alternative Name: DNS:test1.avintec.com, othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption [...] ...................................................... => ok see also https://bugs.cacert.org/view.php?id=440#c3206 |
|
1054.3.6 part III test 0000003 - client certs variations, multiple emails in cert using prev account from bug#440 testing adding 2 more email addresses to test account old 1. certs.test@w.d add 2. bug1054.3.6.3.user1@w.d add 3. bug1054.3.6.3.user2@w.d email accounts - view: prim Verified N/A certs.test@w.d sec1 Verified bug1054.3.6.3.user1@w.d sec2 Verified bug1054.3.6.3.user2@w.d => ok client cert - new selecting email 1-3 class 1 Include 'Certs Sub Test' enable cert login Next Create Cert Request (High) Install the certificate into your browser cert has been installed .... client certs - view: addtl. key: Valid certs.test@w.d 1161 Not Revoked 2012-10-21 13:02:39 Name: Certs Sub Test -> ok Valid from/to: 21.09.2012 15:02:39 / 21.10.2012 15:02:39 -> ok owner: E = bug1054.3.6.3.user2@w.d E = bug1054.3.6.3.user1@w.d E = certs.test@w.d CN = Certs Sub Test -> ok cert alternate name(s): Nicht kritisch E-Mail-Adresse: certs.test@w.d E-Mail-Adresse: bug1054.3.6.3.user1@w.d E-Mail-Adresse: bug1054.3.6.3.user2@w.d -> ok openssl x509 -text -in client-cert-CertsSubTest-c1-3addr.pem -noout .............................................................. Certificate: Data: Version: 3 (0x2) Serial Number: 4449 (0x1161) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1 .it-sls.de, CN=CAcert Testserver Root Validity Not Before: Sep 21 13:02:39 2012 GMT Not After : Oct 21 13:02:39 2012 GMT Subject: CN=Certs Sub Test/emailAddress=certs.test@w.d/emailAddre ss=bug1054.3.6.3.user1@w.d/emailAddress=bug1054.3.6.3.user2@w.d Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): [...] Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE Netscape Comment: To get your own certificate for FREE head over to http://www.CAc ert.org X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: E-mail Protection, TLS Web Client Authentication, Microsoft Encr ypted File System, Microsoft Server Gated Crypto, Netscape Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org X509v3 CRL Distribution Points: URI:http://crl.cacert.org/revoke.crl X509v3 Subject Alternative Name: email:certs.test@w.d, email:bug1054.3.6.3.user1@w.d, email:bug1054.3.6.3.user2@w.d Signature Algorithm: sha1WithRSAEncryption [...] .............................................................. => seems to be ok |
|
1054.3.6 part IV test 0000004 server cert variation multiple servernames in one csr openssl genrsa -out test2-avintec-com-2048.key 2048 openssl req -new -key test2-avintec-com-2048.key -out test2-avintec-com-2048.csr using: Common Name (e.g. server FQDN or YOUR name) []:test1.avintec.com,mail.avintec.co m,www.avintec.com,www.fra.avintec.com,mx.avintec.com,support.avintec.com string is too long, it needs to be less than 64 bytes long Common Name (e.g. server FQDN or YOUR name) []:test1.avintec.com ok, again ... how to enter multiple hostnames into an csr request ? see http://apetec.com/support/GenerateSAN-CSR.htm copy openssl.cnf to openssl-san.cfg edit openssl-san.cfg adding: ............................................................ [ v3_req ] # Extensions to add to a certificate request basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = test1.avintec.com DNS.2 = mail.avintec.com DNS.3 = www.avintec.com DNS.4 = www.fra.avintec.com DNS.5 = mx.avintec.com DNS.6 = support.avintec.com ............................................................ starting script: openssl genrsa -out test2-avintec-com-2048.key 2048 openssl req -new -out test2-avintec-com-2048.csr -key test2-avintec-com-2048.key -config openssl-san.cfg copy content of test2-avintec-com-2048.csr as server signing request Please make sure the following details are correct before proceeding any further. CommonName: test1.avintec.com No additional information will be included on certificates because it can not be automatically checked by the system. submit Below is your Server Certificate -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- output to file test2-avintec-com-2048-signed-c1.key openssl x509 -text -in test2-avintec-com-2048-signed-c1.key -noout ................................................................. Certificate: Data: Version: 3 (0x2) Serial Number: 4450 (0x1162) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1 .it-sls.de, CN=CAcert Testserver Root Validity Not Before: Sep 21 13:50:27 2012 GMT Not After : Oct 21 13:50:27 2012 GMT Subject: CN=test1.avintec.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): [...] Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication, Ne tscape Server Gated Crypto, Microsoft Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org/ X509v3 CRL Distribution Points: URI:http://crl.cacert.org/revoke.crl X509v3 Subject Alternative Name: DNS:test1.avintec.com, othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption [...] ................................................................. => fail subjAltNames not transfered :-P procedural problem ?!? verifying csr request: openssl req -text -noout -in test2-avintec-com-2048.csr ................................................................. Certificate Request: Data: Version: 0 (0x0) Subject: C=DE, ST=Germany, L=Frankfurt/Main, O=AVINTEC, OU=IT, CN=test1. avintec.com/emailAddress=certs.test@w.d Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): [...] Exponent: 65537 (0x10001) Attributes: a0:00 Signature Algorithm: sha1WithRSAEncryption [...] ................................................................. no SAN's :-P correct conf file has been used as some parameters has been changed to other default values, shown in the interactive openssl keygen process probably the conf parameter [req] req_extensions = v3_req was missing, retrying .... openssl genrsa -out test2-avintec-com-2048.key 2048 openssl req -new -out test2-avintec-com-2048.csr -key test2-avintec-com-2048.key -config openssl-san.cfg testing csr: openssl req -text -noout -in test2-avintec-com-2048.csr ................................................................. Certificate Request: Data: Version: 0 (0x0) Subject: C=DE, ST=Germany, L=Frankfurt/Main, O=AVINTEC, OU=IT, CN=test1. avintec.com/emailAddress=certs.test@w.d Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): [...] Exponent: 65537 (0x10001) Attributes: Requested Extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Alternative Name: DNS:test1.avintec.com, DNS:mail.avintec.com, DNS:www.avintec.com , DNS:www.fra.avintec.com, DNS:mx.avintec.com, DNS:support.avintec.com Signature Algorithm: sha1WithRSAEncryption [...] ................................................................. => seems to be ok until this state copy & paste content of test2-avintec-com-2048.csr to the signing request results in: Please make sure the following details are correct before proceeding any further. CommonName: test1.avintec.com subjectAltName: DNS:test1.avintec.com subjectAltName: DNS:mail.avintec.com subjectAltName: DNS:www.avintec.com subjectAltName: DNS:www.fra.avintec.com subjectAltName: DNS:mx.avintec.com subjectAltName: DNS:support.avintec.com No additional information will be included on certificates because it can not be automatically checked by the system. submit Below is your Server Certificate -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- copy & paste into new file test2-avintec-com-2048-signed-c1.key testing key openssl x509 -text -in test2-avintec-com-2048-signed-c1.key -noout ....................................................................... Certificate: Data: Version: 3 (0x2) Serial Number: 4451 (0x1163) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1 .it-sls.de, CN=CAcert Testserver Root Validity Not Before: Sep 21 14:41:43 2012 GMT Not After : Oct 21 14:41:43 2012 GMT Subject: CN=test1.avintec.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): [...] Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication, Ne tscape Server Gated Crypto, Microsoft Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org/ X509v3 CRL Distribution Points: URI:http://crl.cacert.org/revoke.crl X509v3 Subject Alternative Name: DNS:test1.avintec.com, othername:<unsupported>, DNS:mail.avintec .com, othername:<unsupported>, DNS:www.avintec.com, othername:<unsupported>, DNS :www.fra.avintec.com, othername:<unsupported>, DNS:mx.avintec.com, othername:<un supported>, DNS:support.avintec.com, othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption ....................................................................... => seems to be ok see also https://bugs.cacert.org/view.php?id=440#c3210 |
|
1054.3.6 part V client certs variation renewal of cert 1. Valid certs.test@w.d 115C Not Revoked 2012-10-20 21:04:00 Now renewing the following certificates: Certificate for 'certs.test@w.d' has been renewed. Click here to install your certificate. (next page) x1) Install your certificate Install the certificate into your browser new cert Valid certs.test@w.d 1164 Not Revoked 2012-10-21 21:26:44 (next cert after Serial Number: 4449 (0x1161) -> 1164) cert serno 115c no longer in list view all certs, 115c listed: Valid certs.test@w.d 115C Not Revoked 2012-10-20 21:04:00 cert serno 1164 details: not yet visible in FF cert store ok, retrying to save new key in FF cert store Install the certificate into your browser https://cacert1.it-sls.de/account.php?id=6&cert=259099&install result: cert stored in cert store ... (or similar msg) now cert is visible in FF cert store Serno: 11:64 valid from/to: 21.09.2012 23:26:44 / 21.10.2012 23:26:44 owner: E = certs.test@w.d CN = CAcert WoT User -> ok cert-alternate-name Nicht kritisch E-Mail-Adresse: certs.test@w.d -> ok 2. renew key ------------------------------------------------------------- Valid certs.test@w.d 1161 Not Revoked 2012-10-21 13:02:39 Name: Certs Sub Test -> ok Valid from/to: 21.09.2012 15:02:39 / 21.10.2012 15:02:39 -> ok owner: E = bug1054.3.6.3.user2@w.d E = bug1054.3.6.3.user1@w.d E = certs.test@w.d CN = Certs Sub Test ------------------------------------------------------------- Now renewing the following certificates: Certificate for 'certs.test@w.d' has been renewed. Click here to install your certificate. https://cacert1.it-sls.de/account.php?id=6&cert=259100 x1) link opens new window/tab ... -> problem Install your certificate Install the certificate into your browser https://cacert1.it-sls.de/account.php?id=6&cert=259100&install cert saved to cert store new cert in list: Valid certs.test@w.d 1165 Not Revoked 2012-10-21 21:41:56 prev cert not in main list view all certs (cert still there) Valid certs.test@w.d 1161 Not Revoked 2012-10-21 13:02:39 cert 1165 details serno: 11:65 valid from/to: 21.09.2012 23:41:56 / 21.10.2012 23:41:56 -> ok owner: E = bug1054.3.6.3.user2@w.d E = bug1054.3.6.3.user1@w.d E = certs.test@w.d CN = Certs Sub Test -> ok externded keyusage -> ok cert-alternate-name: Nicht kritisch E-Mail-Adresse: certs.test@w.d E-Mail-Adresse: bug1054.3.6.3.user1@w.d E-Mail-Adresse: bug1054.3.6.3.user2@w.d -> ok => all ok except problem of https://bugs.cacert.org/view.php?id=1017 routine x1) runs into fix https://bugs.cacert.org/view.php?id=1017 [^] /account.php?id=6 list 3 options a. Install the certificate into your browser b. Download the certificate in PEM format c. Download the certificate in DER format using a. with FF |
|
1054.3.6 part VI server certs variation renewal of cert 1. Valid test1.avintec.com 115F Not Revoked 2012-10-21 12:19:20 details original cert openssl x509 -text -in test1-avintec-com-1024-signed-c1.key -noout .................................................................... Certificate: Data: Version: 3 (0x2) Serial Number: 4447 (0x115f) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1 [^] .it-sls.de, CN=CAcert Testserver Root Validity Not Before: Sep 21 12:19:20 2012 GMT Not After : Oct 21 12:19:20 2012 GMT Subject: CN=test1.avintec.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): [...] Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication, Ne tscape Server Gated Crypto, Microsoft Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org/ [^] X509v3 CRL Distribution Points: URI:http://crl.cacert.org/revoke.crl [^] X509v3 Subject Alternative Name: DNS:test1.avintec.com, othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption .................................................................... => ok starting renewal: Now renewing the following certificates: Processing request 302035: Renewing: test1.avintec.com -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- content saved to test1-renewal-115f-signed-c1.key new key after renewal: Valid test1.avintec.com 1166 Not Revoked 2012-10-21 22:06:42 old key 115f not visible in main server certs list view all certs (shows in the list) Valid test1.avintec.com 115F Not Revoked 2012-10-21 12:19:20 details of server cert 0001166 openssl x509 -text -in test1-renewal-115f-signed-c1.key -noout ................................................................. Certificate: Data: Version: 3 (0x2) Serial Number: 4454 (0x1166) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1 .it-sls.de, CN=CAcert Testserver Root Validity Not Before: Sep 21 22:06:42 2012 GMT Not After : Oct 21 22:06:42 2012 GMT Subject: CN=test1.avintec.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): [...] Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication, Ne tscape Server Gated Crypto, Microsoft Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org/ X509v3 CRL Distribution Points: URI:http://crl.cacert.org/revoke.crl X509v3 Subject Alternative Name: DNS:test1.avintec.com, othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption [...] ................................................................. => ok 2. Valid test1.avintec.com 1163 Not Revoked 2012-10-21 14:41:43 details original cert openssl x509 -text -in test2-avintec-com-2048-signed-c1.key -noout ....................................................................... Certificate: Data: Version: 3 (0x2) Serial Number: 4451 (0x1163) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1 [^] .it-sls.de, CN=CAcert Testserver Root Validity Not Before: Sep 21 14:41:43 2012 GMT Not After : Oct 21 14:41:43 2012 GMT Subject: CN=test1.avintec.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): [...] Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication, Ne tscape Server Gated Crypto, Microsoft Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org/ [^] X509v3 CRL Distribution Points: URI:http://crl.cacert.org/revoke.crl [^] X509v3 Subject Alternative Name: DNS:test1.avintec.com, othername:<unsupported>, DNS:mail.avintec .com, othername:<unsupported>, DNS:www.avintec.com, othername:<unsupported>, DNS :www.fra.avintec.com, othername:<unsupported>, DNS:mx.avintec.com, othername:<un supported>, DNS:support.avintec.com, othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption ....................................................................... => ok starting renewal: Now renewing the following certificates: Processing request 302038: Renewing: test1.avintec.com -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- content saved to test2-renewal-1163-signed-c1.key new key after renewal: Valid test1.avintec.com 1167 Not Revoked 2012-10-21 22:17:20 old key 1163 not visible in main server certs list view all certs (shows in the list) Valid test1.avintec.com 1163 Not Revoked 2012-10-21 14:41:43 details of server cert 0001166 openssl x509 -text -in test2-renewal-1163-signed-c1.key -noout ................................................................. Certificate: Data: Version: 3 (0x2) Serial Number: 4455 (0x1167) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1 .it-sls.de, CN=CAcert Testserver Root Validity Not Before: Sep 21 22:17:20 2012 GMT Not After : Oct 21 22:17:20 2012 GMT Subject: CN=test1.avintec.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): [...] Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication, Ne tscape Server Gated Crypto, Microsoft Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org/ X509v3 CRL Distribution Points: URI:http://crl.cacert.org/revoke.crl X509v3 Subject Alternative Name: DNS:test1.avintec.com, othername:<unsupported>, DNS:mail.avintec .com, othername:<unsupported>, DNS:www.avintec.com, othername:<unsupported>, DNS :www.fra.avintec.com, othername:<unsupported>, DNS:mx.avintec.com, othername:<un supported>, DNS:support.avintec.com, othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption [...] ................................................................. => ok => all ok |
|
1054.4.12 show_user_link() name="" -> "System" or "Deleted account" under user account ulrich@c.o admin console Show Assurances the user gave (New calculation) ^^^^^^^^^^^^^^^ assurance id: 255093 255093 11.08.2010 2010-08-11 01:00:44 Deleted account <=== 1 Testserver, -CCA Face to Face Meeting 2 => ok |
|
1054.4.16 login to an "old" account with several "buggy" notary table entries eg empty assurance method lines, tverify points, TTP points, "yellow" lines check new points calculation 15.php login to admin account search user in admin interface show member user received / gave new calculation compare both tables 10.php old calculations mixed methods: Face to Face Meeting, Administrative Increase, CT Magazine - Germany, "Project-Id-Version: CAcert Production Report-Msgid-Bugs-To: translations-admin@cacert.org POT-Creation-Date: 2012-09-17 10:51+0200 PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE Last-Translator: FULL NAME Language-Team: LANGUAGE Language: en MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Generator: Translate Toolkit 1.9.0 " (!!!) Thawte Points Transfer assurance points rcvd total: 200 assurances given: methods: Face to Face Meeting, <empty> (was several TTP assurance), Thawte Points Transfer assurance points given total: 2342 15.php Summary of your Points Description Points Countable Points Remark Assurance Points you received 719 100 Limit reached Total Experience Points by Assurance 270 50 Limit reached Total Experience Points (other ways) 173 0 Limit reached Total Points 150 You may issue up to 35 points assurance pts given: Face to Face Meeting, <empty> (was several TTP assurance), Thawte Points Transfer assurance points given total: 6024, EPs 270 assurance pts rcvd: methods: Face to Face Meeting, Thawte Points Transfer, <empty> (was TTP), Administrative Increase, CT Magazine - Germany total pts: 719, EP 173 admin console Show Assurances the user got (New calculation) ^^^^^^^^^^^^^^^ methods: Face to Face Meeting, Thawte Points Transfer, <empty> (was TTP), Administrative Increase, CT Magazine - Germany total pts: 719, EP 173 Show Assurances the user gave (New calculation) ^^^^^^^^^^^^^^^ methods: Face to Face Meeting, <empty> (was TTP), Thawte Points Transfer, total points issued: 6024, EP 270 |
|
1054.4.18 + 1054.4.21 using outputs from 1054.4.16 print to pdf for better compare inspect 0 records under 10.php inspect different assurance methods and their results compare to related records (use assurance id) under 15.php tables switched between 10.php and 15.php, table points rcvd is top in 10.php is bottom in 15.php table points given is bottom in 10.php is top in 15.php eg 10: 183546 / 2010-08-04 13:34:54 / John 5 Doe / 0 / CAcert Test Manager / F2F 15: 183546 / 2010-08-04 13:34:54 / John 5 Doe / 30 / CAcert Test Manager / F2F / 0 -> ok 10: 183324 / 2010-07-05 / Andreas Baess / 5 / Im Testsystem vertraue ich jedem :-) / F2F 15: 183324 / 2010-07-05 / Andreas Baess / 5 / Im Testsystem vertraue ich jedem :-) / F2F / 0 -> ok 10: 183502 / 04.08.2010 / Ulrich Schroeter / 2 / Testsystem, +CCA / Administrative Increase 15: not found -> ok 10: 255390 / 2010-09-01 22:40:22 / Mario Lipinski / 0 / CT / CT Magazine 15: 255390 / 2010-09-01 22:40:22 / Mario Lipinski / Revoked / CT / CT Magazine / 0 -> ok 10: 255389 / 2010-09-01 22:39:14 / Mario Lipinski / 0 / Admin Incr. / Admin Incr. 15: 255389 / 2010-09-01 22:39:14 / Mario Lipinski / 9 / Admin Incr. / Admin Incr. / 0 -> ok 10: 255388 / 2010-09-01 22:37:23 / Mario Lipinski / 0 / TTP / x1) 15: 255388 / 2010-09-01 22:37:23 / Mario Lipinski / 100 / TTP / <empty> / 23 -> ok 10: 255383 / 2010-08-25 10:37:47 / Mario Lipinski / 50 / 38102 / Thawte Points Transfer 15: 255383 / 2010-08-25 10:37:47 / Mario Lipinski / Revoked / 38102 / Thawte Points Transfer / 0 -> ok => all ok x1) Full text is: Project-Id-Version: CAcert Production Report-Msgid- Bugs-To: translationsadmin@ cacert.org POT-Creation-Date: 2012-09-17 10:51+0200 PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE Last-Translator: FULL NAME Language-Team: LANGUAGE Language: en MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content- Transfer-Encoding: 8bit X-Generator: Translate Toolkit 1.9.0 |
|
see report http://bugs.cacert.org/view.php?id=1101#c3252 |
|
1054.5.1 test scenario --------- created new account Bug1054.5.1.user1@w.d verified set flags board, tverify on an admin user login assure someone Bug1054.5.1.User1@w.d only f2f or ttp available as selection no tverify https://cacert1.it-sls.de/tverify/index.php file not found => ok |
|
A patch is here: (including www/index.php) https://github.com/yellowant/cacert-devel/commits/bug-1054 |
Date Modified | Username | Field | Change |
---|---|---|---|
2012-05-31 04:01 | INOPIAE | New Issue | |
2012-05-31 04:01 | INOPIAE | Assigned To | => egal |
2012-08-27 13:25 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver 563ebf3e |
2012-08-27 13:25 | Source_changeset_attached | => cacert-devel testserver e2a8b5de | |
2012-08-27 13:35 | NEOatNHNG | Note Added: 0003161 | |
2012-08-27 13:35 | NEOatNHNG | Status | new => needs work |
2012-08-28 10:02 | Uli60 | Relationship added | related to 0000948 |
2012-08-28 10:40 | Uli60 | Note Added: 0003163 | |
2012-08-28 12:11 | NEOatNHNG | Relationship deleted | related to 0000948 |
2012-08-28 20:46 | INOPIAE | Note Added: 0003166 | |
2012-08-28 20:46 | INOPIAE | Note Edited: 0003166 | |
2012-08-28 20:54 | INOPIAE | Note Edited: 0003166 | |
2012-08-28 20:57 | Uli60 | Relationship added | related to 0000872 |
2012-08-28 21:21 | INOPIAE | Note Edited: 0003166 | |
2012-08-28 22:03 | Uli60 | Note Added: 0003171 | |
2012-08-28 22:40 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver fedae61c |
2012-08-28 22:40 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver 56ca0c87 |
2012-08-28 22:52 | Uli60 | Note Added: 0003172 | |
2012-08-28 23:00 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver 65e95932 |
2012-08-28 23:00 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver b11f8e96 |
2012-08-28 23:00 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver 6aa33870 |
2012-08-28 23:00 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver 307f995b |
2012-08-28 23:03 | Uli60 | Note Added: 0003173 | |
2012-08-28 23:14 | NEOatNHNG | Note Added: 0003174 | |
2012-09-04 21:54 | Uli60 | Note Added: 0003175 | |
2012-09-04 22:00 | Uli60 | Note Added: 0003176 | |
2012-09-04 22:02 | Uli60 | Note Edited: 0003176 | |
2012-09-04 22:04 | Uli60 | Note Added: 0003177 | |
2012-09-04 22:10 | Uli60 | Note Added: 0003178 | |
2012-09-04 22:13 | Uli60 | Note Added: 0003179 | |
2012-09-04 22:20 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver 6f09dcf2 |
2012-09-04 22:20 | Source_changeset_attached | => cacert-devel testserver e1a89f57 | |
2012-09-04 22:20 | Source_changeset_attached | => cacert-devel testserver cdf9692d | |
2012-09-04 22:26 | Uli60 | Note Added: 0003180 | |
2012-09-04 23:07 | Uli60 | Note Added: 0003182 | |
2012-09-11 21:02 | Uli60 | Note Edited: 0003182 | |
2012-09-11 21:03 | Uli60 | Relationship added | related to 0001096 |
2012-09-11 21:10 | Uli60 | Note Added: 0003185 | |
2012-09-11 21:28 | Uli60 | Note Added: 0003186 | |
2012-09-11 21:55 | INOPIAE | Note Added: 0003188 | |
2012-09-11 23:37 | Uli60 | Note Added: 0003189 | |
2012-09-11 23:38 | Uli60 | Assigned To | egal => Ted |
2012-09-11 23:39 | Uli60 | Relationship added | related to 0000835 |
2012-09-11 23:40 | Uli60 | Relationship added | related to 0001098 |
2012-09-12 00:51 | Uli60 | Note Added: 0003191 | |
2012-09-12 16:24 | Uli60 | Note Added: 0003194 | |
2012-09-18 21:24 | Uli60 | Note Added: 0003200 | |
2012-09-18 21:40 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver 5fcbbb05 |
2012-09-18 21:40 | Source_changeset_attached | => cacert-devel testserver 4a3440f3 | |
2012-09-18 22:35 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver 2d62ec44 |
2012-09-18 22:35 | Source_changeset_attached | => cacert-devel testserver 90765f64 | |
2012-09-18 22:35 | Source_changeset_attached | => cacert-devel testserver 155844fd | |
2012-09-18 22:35 | Source_changeset_attached | => cacert-devel testserver d2d4a360 | |
2012-09-19 00:21 | Uli60 | Note Added: 0003201 | |
2012-09-19 00:45 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver d0d9d817 |
2012-09-19 00:45 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver 25a2c1ba |
2012-09-19 00:50 | Uli60 | Note Added: 0003202 | |
2012-09-19 00:54 | Uli60 | Note Edited: 0003202 | |
2012-09-19 00:57 | Uli60 | Note Edited: 0003202 | |
2012-09-19 10:36 | Uli60 | Relationship added | related to 0000440 |
2012-09-20 21:54 | Uli60 | Note Added: 0003204 | |
2012-09-21 12:52 | Uli60 | Note Added: 0003207 | |
2012-09-21 13:12 | Uli60 | Note Added: 0003208 | |
2012-09-21 14:47 | Uli60 | Note Added: 0003211 | |
2012-09-21 21:48 | Uli60 | Note Added: 0003212 | |
2012-09-21 21:53 | Uli60 | Relationship added | related to 0001017 |
2012-09-21 21:57 | Uli60 | Relationship added | related to 0001035 |
2012-09-21 22:23 | Uli60 | Note Added: 0003215 | |
2012-09-21 23:48 | Uli60 | Note Added: 0003218 | |
2012-09-21 23:50 | Uli60 | Note Edited: 0003218 | |
2012-09-21 23:53 | Uli60 | Note Added: 0003219 | |
2012-09-22 00:36 | Uli60 | Note Added: 0003220 | |
2012-09-22 00:38 | Uli60 | Note Edited: 0003220 | |
2012-09-23 11:23 | Uli60 | Relationship added | related to 0001101 |
2012-10-02 23:45 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver 8cd72df5 |
2012-10-02 23:45 | Source_changeset_attached | => cacert-devel testserver 80850ba4 | |
2012-10-16 13:36 | Uli60 | Note Added: 0003253 | |
2012-10-23 22:39 | Uli60 | Note Added: 0003268 | |
2012-11-07 00:40 | BenBE | Source_changeset_attached | => cacert-devel testserver 94e1086e |
2012-11-07 00:40 | Source_changeset_attached | => cacert-devel testserver 826556f8 | |
2012-12-20 19:09 | Werner Dworak | Relationship added | parent of 0000301 |
2012-12-27 06:20 | Werner Dworak | Relationship added | related to 0001042 |
2012-12-27 06:33 | Werner Dworak | Relationship added | related to 0000827 |
2013-01-07 15:01 | Werner Dworak | Relationship added | related to 0000114 |
2013-01-09 04:04 | Werner Dworak | Relationship added | related to 0001134 |
2013-05-14 21:29 | INOPIAE | Relationship added | related to 0001177 |
2013-05-14 21:29 | INOPIAE | Relationship deleted | related to 0001177 |
2013-05-14 21:30 | INOPIAE | Relationship added | child of 0001177 |
2013-10-24 13:18 | Uli60 | Relationship added | related to 0001208 |
2013-10-24 13:36 | Uli60 | Relationship added | related to 0001216 |
2014-09-02 20:52 | INOPIAE | Relationship deleted | child of 0001177 |
2014-09-02 20:52 | INOPIAE | Relationship added | related to 0001177 |
2015-04-07 20:08 | felixd | Note Added: 0005368 | |
2015-04-07 20:08 | felixd | Status | needs work => fix available |
2015-05-05 22:01 | BenBE | Status | fix available => needs review & testing |
2021-08-25 13:37 | bdmc | Relationship added | related to 0000769 |