View Issue Details

IDProjectCategoryView StatusLast Update
0001570Main CAcert Websitecertificate issuingpublic2024-12-04 18:50
Reporteralkas Assigned Tojandd  
PrioritynormalSeveritymajorReproducibilityalways
Status newResolutionopen 
PlatformDefaultOSanyOS Versionany
Product Version2017 Q4 
Target Version2017 Q4 
Summary0001570: Webapp "Client Certificate Generator" discrepancies
DescriptionAfter CSR is generated and saved to clipboard, the page part (see appendix CCG-o.gif):
1. The link "New client certificate page" leads to https://secure.cacert.org/account.php?id=3, but should lead to https://www.cacert.org/account.php?id=3, because an user complaints the link doesn't work with handshaking error at login, but if he works with www, all works OK.
2. The text about the checkbox "Show advanced options" differs from the "Client" - "New" page contents, as that checkbox doesn't exist anymore.
Steps To ReproduceTry use the webapp "Client Certificate Generator", perform first two steps, look at the text, display the link target.
Tagscacert.org, client certificate, client certificate generation webapp, community, CSR
Attached Files
CCG-o.gif (81,955 bytes)   
CCG-o.gif (81,955 bytes)   
Reviewed by
Test Instructions

Activities

L10N

2024-10-23 18:13

reporter   ~0006278

I tried it and for me it works as following:
Step 1 OK
Step 2 OK
Step 3 - if CSR copied into the field at the "Client Certificate Generator" -> nothig happend (I cannot see a button to press to contnue and the field with the CSR copied in does not start on his own.
Step 3 - if I follow the link "New client certificate page" I come to https://secure.cacert.org/account.php?id=3 and when I click on "Weiter" it works (but maybe as I have allready a CAcert cert installed in my browser? I will check it with another browser and add another note)

Tested with
Vivaldi 5.6.2867.62 (Stable channel) stable (64-Bit)
Betriebssystem Linux (Ubuntu 16:04 LTS)
JavaScript V8 10.8.168.25
User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36

L10N

2024-10-23 18:29

reporter   ~0006279

Second test with another machine with no CAcert certs pre installed:
"Dies ist keine sichere Verbindung" -> Erweitert -> Weiter (unsicher)
Step 1 OK
Step 2 OK
Step 3 - if CSR copied into the field at the "Client Certificate Generator" -> nothig happend (I cannot see a button to press to contnue and the field with the CSR copied in does not start on his own.
Step 3 - if I follow the link "New client certificate page" -> "Dies ist keine sichere Verbindung" -> Erweitert -> Weiter (unsicher) -> Der Zugriff auf secure.cacert.org wurde verweigert. secure.cacert.org hat ihr Anmeldezertifikat nicht akzeptiert oder es wurde keines bereitgestellt. Setzen Sie sich mit dem Systemadministrator in Verbindung. ERR_BAD_SSLCLIENT_AUTH_CERT
IF I CHANGE TH URL to from secure.cacert.org..... to www.cacert.org..... -> "Dies ist keine sichere Verbindung" -> Erweitert -> Weiter (unsicher) -> the address changes to www.cacert.org/index.php?id=4 where I should login in to my account.
After login, I come to the account.php?id=3 page
- I tried it without add my e-mail address -> not working
- I tried it with adding my e-mail address -> working

Tested with
Vivaldi 6.9.3451.114
Betriebssystem Android 14

alkas

2024-10-23 18:57

manager   ~0006280

ad #0006278:
Step 3 - if you are on the part displayed on the picture above, there is Not a CSR you need to copy to the field. You already have the CSR generated in the clipboard. In this phase,you need to go to the New Client Certificate page of CAcert web (including login), let the new cert issue, and the issued cert transfer Copy-Paste into that field. Then, the page of the webapp continues asking for the password to encipher the private key, prepare downloading .p12 file, etc.
And while it may work for the majority of users, at least one user could not continue as the secure web reported a handshake error.
And yes, you need to add your Email address to work - it is OK.
More information will give you the author Jandd.

alkas

2024-12-03 14:31

manager   ~0006290

Yet another user has reported this bug today, 20241203.
The workaround: In the point Step 3 (see the picture above), do NOT click the link "New client certificate page". Instead, open browser's next tab and on that new page enter "https://www.cacert.org". Then login to your CAcert account and go to the menu "Client certificate - New". Your CSR is already in the clipboard, so you can paste it in the page's text field, then select proper Email address, set any more data you wish for your certificate, check the agreement with the CCA, and press "Next". After the certificate is issued, mark it from the line "----- BEGIN..." to the line "----- END..." inclusive, and Copy it with Ctrl-C. Now when you have your newly issued certificate in the clipboard, return to the application tab and paste it to the text field (see the picture again). Then continue with the application.

jandd

2024-12-04 18:50

administrator   ~0006292

I created https://code.cacert.org/cacert/browser-csr-generation/pulls/2 to address these issues. Please review the changes, especially the text that explains what to do with the CSR.

Issue History

Date Modified Username Field Change
2024-10-22 17:17 alkas New Issue
2024-10-22 17:17 alkas Assigned To => jandd
2024-10-22 17:17 alkas Tag Attached: client certificate generation webapp
2024-10-22 17:17 alkas File Added: CCG-o.gif
2024-10-23 18:13 L10N Note Added: 0006278
2024-10-23 18:29 L10N Note Added: 0006279
2024-10-23 18:39 L10N Tag Attached: cacert.org
2024-10-23 18:39 L10N Tag Attached: community
2024-10-23 18:39 L10N Tag Attached: client certificate
2024-10-23 18:39 L10N Tag Attached: CSR
2024-10-23 18:57 alkas Note Added: 0006280
2024-12-03 14:31 alkas Note Added: 0006290
2024-12-04 18:50 jandd Note Added: 0006292