Environment
The certificate subject name stores a Common Name (CN) attribute that includes a wildcard, such as "*.dus.novell.com"
Novell eDirectory 8.7.3 for All Platforms
Novell iChain 2.3
Novell iChain 2.2
Situation
- Importing the certificate did not return any errors
- No certificates are sent to the browser client during the SSL handshake
- Mozilla-based browser clients return: "host has sent an incorrect or unexpected message. Error -12258"
- Microsoft Internet Explorer returns: "The page cannot be displayed. The page you are looking for might have been removed or had its name changed."
Resolution
Make sure your CA does not use "bmpString" encoding
This issue has been reported to engineering
Additional Information
The Common Name (CN) attribute has been encoded using the "bmpString" type, as defined in RFC3280.
RFC3280 defines:
X520CommonName ::= CHOICE {
    teletexString     TeletexString   (SIZE (1..ub-common-name)),
    printableString   PrintableString (SIZE (1..ub-common-name)),
    universalString   UniversalString (SIZE (1..ub-common-name)),
    utf8String        UTF8String      (SIZE (1..ub-common-name)),
    bmpString         BMPString       (SIZE (1..ub-common-name)) }
Formerly known as TID# 10098216
Using openssl asn1parse -inform DER -in certfilename returns:
147:d=5 hl=2 l= 3 prim: OBJECT :organizationName
152:d=5 hl=2 l= 4 prim: PRINTABLESTRING :Novell
158:d=3 hl=2 l= 45 cons: SET
160:d=4 hl=2 l= 43 cons: SEQUENCE
162:d=5 hl=2 l= 3 prim: OBJECT :commonName
167:d=5 hl=2 l= 36 prim: BMPSTRING
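The same check without OpenSSL, as an added example that is not part of the original TID: a small DER walker that reports which X520CommonName alternative encodes each commonName value. The sample Name bytes and the helper names (read_tlv, common_name_encodings, tlv, sample_name) are constructed for illustration; the walker does not descend into OCTET STRING or BIT STRING contents, so only names in fields such as subject and issuer are reported.

```python
# Added example: report how each commonName value in a DER structure is encoded.
COMMON_NAME = bytes.fromhex("550403")  # OID 2.5.4.3 (commonName)
# Tags of the X520CommonName CHOICE alternatives, with a codec for display
# (latin-1 only approximates TeletexString/T.61).
CODECS = {0x14: ("TeletexString", "latin-1"), 0x13: ("PrintableString", "ascii"),
          0x1C: ("UniversalString", "utf-32-be"), 0x0C: ("UTF8String", "utf-8"),
          0x1E: ("BMPString", "utf-16-be")}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def common_name_encodings(der):
    """Return [(string_type, text)] for every commonName attribute found."""
    found = []
    def walk(pos, end):
        oid = None
        while pos < end:
            tag, start, stop = read_tlv(der, pos)
            if tag & 0x20:        # constructed (SEQUENCE, SET, [n]): descend
                walk(start, stop)
            elif tag == 0x06:     # OBJECT IDENTIFIER: remember the attribute type
                oid = der[start:stop]
            elif oid == COMMON_NAME and tag in CODECS:
                name, codec = CODECS[tag]
                found.append((name, der[start:stop].decode(codec, "replace")))
                oid = None
            pos = stop
    walk(0, len(der))
    return found

def tlv(tag, value):
    """Encode one short-form DER element (value must be under 128 bytes)."""
    return bytes([tag, len(value)]) + value

def sample_name(cn_tag, cn_bytes):
    """Constructed subject Name: O=Novell plus a CN with the given string tag."""
    org = tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("55040A")) + tlv(0x13, b"Novell")))
    cn = tlv(0x31, tlv(0x30, tlv(0x06, COMMON_NAME) + tlv(cn_tag, cn_bytes)))
    return tlv(0x30, org + cn)

if __name__ == "__main__":
    der = sample_name(0x1E, "*.dus.novell.com".encode("utf-16-be"))
    print(common_name_encodings(der))
```

To check a real certificate, pass the bytes of the DER file to common_name_encodings and look for "BMPString" in the result.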