Root certificate authority works windows/linux but not mac osx - (malformed)

Posted by AKwhat on Super User
Published on 2014-06-01T00:04:29Z Indexed on 2014/06/08 3:29 UTC

I have created a self-signed root certificate authority which, if I install it on Windows, Linux, or even the certificate store in Firefox (Windows/Linux/Mac OS X), works perfectly with my terminating proxy.

I have installed it into the system keychain and I have set the certificate to always trust.

Within the Chrome browser details it says "The certificate that Chrome received during this connection attempt is not formatted correctly, so Chrome cannot use it to protect your information. Error type: Malformed certificate"

I used this code to create the certificate:

openssl genrsa -des3 -passout pass:***** -out private/server.key 4096
openssl req -batch -passin pass:***** -new -x509 -nodes -sha1 -days 3600 -key private/server.key -out server.crt -config ../openssl.cnf

If the issue is NOT that it is malformed (because it works everywhere else) then what else could it be? Am I installing it incorrectly?

To be clear:
Within the Windows/Linux OS, all browsers work perfectly. Within Mac, only Firefox works, and only if it uses its internal certificate store and not the keychain. It's the keychain method of importing a certificate that causes the issue. Thus, all browsers using the keychain will not work.

Root CA Cert:

-----BEGIN CERTIFICATE-----
**some base64 stuff**
-----END CERTIFICATE-----

Intermediate CA Cert:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=*****, ST=*******, L=******, O=*******, CN=******/emailAddress=******
        Validity
            Not Before: May 21 13:57:32 2014 GMT
            Not After : Jun 20 13:57:32 2014 GMT
        Subject: C=*****, ST=********, O=*******, CN=*******/emailAddress=*******
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (4096 bit)
                Modulus (4096 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:localhost, DNS:dropbox.com, DNS:*.dropbox.com, DNS:filedropper.com, DNS:*.filedropper.com
            X509v3 Subject Key Identifier: 
                F3:E5:38:5B:3C:AF:1C:73:C1:4C:7D:8B:C8:A1:03:82:65:0D:FF:45
            X509v3 Authority Key Identifier: 
                keyid:2B:37:39:7B:9F:45:14:FE:F8:BC:CA:E0:6E:B4:5F:D6:1A:2B:D7:B0
                DirName:/C=****/ST=******/L=*******/O=*******/CN=******/emailAddress=*******
                serial:EE:8C:A3:B4:40:90:B0:62

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption

-----BEGIN CERTIFICATE----- 
**some base64 stuff**
-----END CERTIFICATE-----

© Super User or respective owner
