[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-jce] Netscape and Certificates with Critical Extensions


I'm trying to understand a problem I'm having when importing a personal 
certificate with critical extensions (via a pkcs12 file) into Netscape 
Communicator (V4.74).

I'm using the iaik-jce software to generate the keypair and the 
certificate, then I'm stuffing the certificate and signing certificate in a 
pkcs12 file.  The pkcs12 file is processed normally by IE and the 
certificates are dropped in the correct store.

However, Netscape crashes processing the same file.

On a hunch, I removed the code that marks certain extensions as critical, 
generated another pkcs12 file, and Netscape imported the certificates.

This experience leads me to infer that (for some reason) Netscape does not 
correctly process an extension marked critical.

Can anyone confirm this?  I'd really like to mark BasicConstraints and 
KeyUsage "critical."

William I. Bormann
Purdue University PACE Project

Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-jce