View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001570 | Main CAcert Website | certificate issuing | public | 2024-10-22 17:17 | 2024-12-04 18:50 |
Reporter | alkas | Assigned To | jandd | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | new | Resolution | open | ||
Platform | Default | OS | any | OS Version | any |
Product Version | 2017 Q4 | ||||
Target Version | 2017 Q4 | ||||
Summary | 0001570: Webapp "Client Certificate Generator" discrepancies | ||||
Description | After CSR is generated and saved to clipboard, the page part (see appendix CCG-o.gif): 1. The link "New client certificate page" leads to https://secure.cacert.org/account.php?id=3, but should lead to https://www.cacert.org/account.php?id=3, because an user complaints the link doesn't work with handshaking error at login, but if he works with www, all works OK. 2. The text about the checkbox "Show advanced options" differs from the "Client" - "New" page contents, as that checkbox doesn't exist anymore. | ||||
Steps To Reproduce | Try use the webapp "Client Certificate Generator", perform first two steps, look at the text, display the link target. | ||||
Tags | cacert.org, client certificate, client certificate generation webapp, community, CSR | ||||
Attached Files | |||||
Reviewed by | |||||
Test Instructions | |||||
|
I tried it and for me it works as following: Step 1 OK Step 2 OK Step 3 - if CSR copied into the field at the "Client Certificate Generator" -> nothig happend (I cannot see a button to press to contnue and the field with the CSR copied in does not start on his own. Step 3 - if I follow the link "New client certificate page" I come to https://secure.cacert.org/account.php?id=3 and when I click on "Weiter" it works (but maybe as I have allready a CAcert cert installed in my browser? I will check it with another browser and add another note) Tested with Vivaldi 5.6.2867.62 (Stable channel) stable (64-Bit) Betriebssystem Linux (Ubuntu 16:04 LTS) JavaScript V8 10.8.168.25 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 |
|
Second test with another machine with no CAcert certs pre installed: "Dies ist keine sichere Verbindung" -> Erweitert -> Weiter (unsicher) Step 1 OK Step 2 OK Step 3 - if CSR copied into the field at the "Client Certificate Generator" -> nothig happend (I cannot see a button to press to contnue and the field with the CSR copied in does not start on his own. Step 3 - if I follow the link "New client certificate page" -> "Dies ist keine sichere Verbindung" -> Erweitert -> Weiter (unsicher) -> Der Zugriff auf secure.cacert.org wurde verweigert. secure.cacert.org hat ihr Anmeldezertifikat nicht akzeptiert oder es wurde keines bereitgestellt. Setzen Sie sich mit dem Systemadministrator in Verbindung. ERR_BAD_SSLCLIENT_AUTH_CERT IF I CHANGE TH URL to from secure.cacert.org..... to www.cacert.org..... -> "Dies ist keine sichere Verbindung" -> Erweitert -> Weiter (unsicher) -> the address changes to www.cacert.org/index.php?id=4 where I should login in to my account. After login, I come to the account.php?id=3 page - I tried it without add my e-mail address -> not working - I tried it with adding my e-mail address -> working Tested with Vivaldi 6.9.3451.114 Betriebssystem Android 14 |
|
ad #0006278: Step 3 - if you are on the part displayed on the picture above, there is Not a CSR you need to copy to the field. You already have the CSR generated in the clipboard. In this phase,you need to go to the New Client Certificate page of CAcert web (including login), let the new cert issue, and the issued cert transfer Copy-Paste into that field. Then, the page of the webapp continues asking for the password to encipher the private key, prepare downloading .p12 file, etc. And while it may work for the majority of users, at least one user could not continue as the secure web reported a handshake error. And yes, you need to add your Email address to work - it is OK. More information will give you the author Jandd. |
|
Yet another user has reported this bug today, 20241203. The workaround: In the point Step 3 (see the picture above), do NOT click the link "New client certificate page". Instead, open browser's next tab and on that new page enter "https://www.cacert.org". Then login to your CAcert account and go to the menu "Client certificate - New". Your CSR is already in the clipboard, so you can paste it in the page's text field, then select proper Email address, set any more data you wish for your certificate, check the agreement with the CCA, and press "Next". After the certificate is issued, mark it from the line "----- BEGIN..." to the line "----- END..." inclusive, and Copy it with Ctrl-C. Now when you have your newly issued certificate in the clipboard, return to the application tab and paste it to the text field (see the picture again). Then continue with the application. |
|
I created https://code.cacert.org/cacert/browser-csr-generation/pulls/2 to address these issues. Please review the changes, especially the text that explains what to do with the CSR. |
Date Modified | Username | Field | Change |
---|---|---|---|
2024-10-22 17:17 | alkas | New Issue | |
2024-10-22 17:17 | alkas | Assigned To | => jandd |
2024-10-22 17:17 | alkas | Tag Attached: client certificate generation webapp | |
2024-10-22 17:17 | alkas | File Added: CCG-o.gif | |
2024-10-23 18:13 | L10N | Note Added: 0006278 | |
2024-10-23 18:29 | L10N | Note Added: 0006279 | |
2024-10-23 18:39 | L10N | Tag Attached: cacert.org | |
2024-10-23 18:39 | L10N | Tag Attached: community | |
2024-10-23 18:39 | L10N | Tag Attached: client certificate | |
2024-10-23 18:39 | L10N | Tag Attached: CSR | |
2024-10-23 18:57 | alkas | Note Added: 0006280 | |
2024-12-03 14:31 | alkas | Note Added: 0006290 | |
2024-12-04 18:50 | jandd | Note Added: 0006292 |