View Issue Details

ID: 0000889
Project: CATS.cacert.org
Category: User Interface
View Status: public
Last Update: 2011-07-27 21:19
Reporter: Uli60
Assigned To: Ted
Status: closed
Resolution: fixed
Fixed in Version: production
Summary: 0000889: Login with Client Certs class3 doesn't work - login with Client Cert Class1 works
Description: there are many reports from users trying to login to
login failed ...
all failed logins are users with a valid class3 client cert
create a new client cert as class1 login works like a charm
Tags: No tags attached.


has duplicate 0000808 closed Ted Login with Safari



2010-11-11 23:19

updater   ~0001780

irc:cacert log 2010-11-11
(23:10:32) kotek: hi Tennel
(23:11:08) Tennel: hello, i get "login failed" if i try to use the automated training system.
(23:15:27) kotek: strange, it works fine for me
(23:17:38) Tennel: yes, i had tried it again, after removing the config files of my browser but it didn't work.
(23:17:58) Tennel: which browser do you use?
(23:28:21) kotek: Opera
(23:28:37) kotek: it works fine
(23:29:38) Tennel: with chromium i can't create a client cert, and firefox throws this error, i will try opera
(23:31:57) kotek: 68% :<
(23:32:54) Tennel: ?
(23:34:05) kotek: my result of cats
(23:34:24) Tennel: ok
(23:34:41) Tennel: i'm afk for a while
(23:34:43) kotek: need to learn more about cacert
(23:56:35) Tennel: ok, i had tried firefox, chromium and opera. ff and chromium under win/lin and opera under win, nothing works
(23:56:42) Tennel: need help
(12.11.2010 00:00:08) kotek: have you checked if u have correctly installed your certificate and it is not expired?
(00:00:28) Tennel: yes, i created a new one
(00:00:55) Tennel: and my browser asks for it if i open the page
(00:01:52) kotek: can u log in with this certificate at
(00:02:13) Tennel: yes
(00:03:09) kotek: mhmm... what have u done?! :<
(00:05:08) Tennel: i had created a new client cert, had logged in, had clicked on the link at the sidebar, and then i had clicked the login button at the ATS site
(00:05:13) Tennel: nothing special
(00:05:37) Tennel: but it didn't work on every setup i have
(00:05:48) kotek: and what message has been displayed? can u send screenshot?
(00:07:57) Tennel: no, but i can describe it, under the button "login" is displayed "Login failed", that's all.
(00:08:09) Tennel: no explicit error messages
(00:08:21) kotek: this is error caused only by this certificate?
(00:08:33) kotek: when it was generated?
(00:08:46) Tennel: 30 minutes ago
(00:09:14) Tennel: all certs, i created 3 different certs
(00:09:23) kotek: maybe ATS and cacert db aren't synced yet
(00:09:38) Tennel: that could be
(00:09:59) u60: aeh ... you mean CATS site ?
(00:10:07) Tennel: yep
(00:10:15) u60: client cert is class3 cert ?
(00:10:21) Tennel: yes
(00:10:42) u60: there are known probs reported with client certs issued as class3 ....
(00:10:56) u60: plz issue a class1 client cert and try again
(00:11:15) Tennel: ok, i create another one and report
(00:14:48) Tennel: ok, thx it works
(00:15:25) Tennel: where can i put a bug report?


2011-04-04 01:12

updater   ~0001902

2011-04-02 (JC) Any luck? I can connect with my certificate and select a language (EN/DE), but whenever I use "Login" I get the error message "Loginvorgang fehlgeschlagen". It seems to me that all roots have been imported correctly...

Logging in at CACert with my certificate works. I have already tried WinXP, Win7, FireFox 4, IE 9, without success.


2011-04-05 13:17

administrator   ~0001903

I guess I now know the problem... And Class 1 certificates won't work anymore either, so I'll raise the priority!


2011-04-05 14:42

updater   ~0001904

Taken from Ticket s20110403.66

I wanted to do the CATS test but can't login.
Error message is "Login failed" (see Screenshot attached).
I have generated the client certificate and installed it in my browser.
I CAN login at the CACert site with my client cert (without password).
I can also login at the blog and the wiki with my client cert.

I have tried different variations of the client cert:
  - Class 1, Class 3
  - No Name, Include 'Ludwig Weinzierl'
  - Single Sign On ID, Add Single Sign On ID Information

I have tried it with Firefox and Chrome on OSX Snow Leopard, and Firefox
3.6.16 and Chromium 10.0.648.133 (77742) on Ubuntu 10.10.

A friend has exactly the same problem with Safari and Firefox on OSX
Snow Leopard.

In addition
I sat down with the person who set up the CA for our company and we
tried it with IE 7 and Firefox 3.6. Three people have tried on four
different machines with 9 (!) different browser versions - to no avail.

I'm now 100% percent sure is broken.

Maybe it's not broken for everyone, maybe it's a language bug or
something, but it's definitely broken for a lot of people.

If I can be of any help to pin this problem down please contact me.


2011-04-05 18:44

administrator   ~0001905

Just patched the production system, the bug should be fixed now (svn revision 2203), I'm waiting for confirmation by someone affected.


2011-04-05 21:54

administrator   ~0001906

Several users confirmed they can now log in.

Issue History

Date Modified Username Field Change
2010-11-11 23:16 Uli60 New Issue
2010-11-11 23:19 Uli60 Note Added: 0001780
2011-04-03 20:20 Ted Status new => needs work
2011-04-03 20:20 Ted Assigned To => Ted
2011-04-04 01:12 Uli60 Note Added: 0001902
2011-04-05 13:17 Ted Note Added: 0001903
2011-04-05 13:17 Ted Priority normal => urgent
2011-04-05 14:42 INOPIAE Note Added: 0001904
2011-04-05 18:44 Ted Note Added: 0001905
2011-04-05 21:54 Ted Note Added: 0001906
2011-04-05 21:54 Ted Status needs work => solved?
2011-04-05 21:54 Ted Fixed in Version => production
2011-04-05 21:54 Ted Resolution open => fixed
2011-07-18 07:30 Ted Relationship added has duplicate 0000808
2011-07-27 21:19 Ted Status solved? => closed