[Mono-devel-list] WebRequest/HTTPS CA Issue

Johnny Luong johnny at trustcommerce.com
Wed Mar 30 16:09:54 EST 2005


Hi Sebastien,

Sebastien Pouliot wrote:
> 
> 
> [1] Well this looks like an intermediate CA certificate - i.e. not a root
> certificate. Note that HTTPS, like many protocols, doesn't require the
> server to send the root certificate (certmgr -ssl can't work in this case).
> This _may_ be the problem. If so you'll need to find the root certificate
> and add it with certmgr.

Okay, I went here with my browser and got the certificate located here:
https://getca.verisign.com/ and installed it like so:

/usr/bin/certmgr -add -c CA getrootcert.cer

and it says one certificate added.

However, when I try to list my certificates, I get the following stack
trace:

[johnny at skuld ~]$ certmgr -list -c CA
Mono Certificate Manager - version 1.1.5.0
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD
licensed.

Unhandled Exception: System.NullReferenceException: Object reference not
set to an instance of an object
in <0x0003f> Mono.Security.Cryptography.PKCS1:Encode_v15
(System.Security.Cryptography.HashAlgorithm hash, System.Byte[]
hashValue, Int32 emLength)
in <0x00076> Mono.Security.Cryptography.PKCS1:Verify_v15
(System.Security.Cryptography.RSA rsa,
System.Security.Cryptography.HashAlgorithm hash, System.Byte[]
hashValue, System.Byte[] signature)
in <0x0004d>
System.Security.Cryptography.RSAPKCS1SignatureDeformatter:VerifySignature
(System.Byte[] rgbHash, System.Byte[] rgbSignature)
in <0x0010e> Mono.Security.X509.X509Certificate:VerifySignature
(System.Security.Cryptography.RSA rsa)
in <0x00035> Mono.Security.X509.X509Certificate:get_IsSelfSigned ()
in <0x0001a> Mono.Tools.CertificateManager:DisplayCertificate
(Mono.Security.X509.X509Certificate x509, Boolean verbose)
in <0x00070> Mono.Tools.CertificateManager:List (ObjectType type,
Mono.Security.X509.X509Store store, System.String file, Boolean verbose)
in <0x002c5> Mono.Tools.CertificateManager:Main (System.String[] args)

> 
> [2] Another, more likely, issue (well for Verisign certificates) is that the
> root certificate is signed with MD2. The framework doesn't, by default,
> support MD2. You can activate the MD2 support by configuring your
> machine.config file. See "KNOWN ISSUES" in "man certmgr" for more
> information.

I've attached /etc/mono/1.0/machine.config. I made a similar change to
/etc/mono/2.0/machine.config.

> 
> Let us know if [1] or [2] fix your problems (98%). If not (2%) then I'll
> require more details to debug the issue.


Let me know if I should try anything else.

Thanks,
Johnny
-------------- next part --------------
A non-text attachment was scrubbed...
Name: machine.config
Type: text/xml
Size: 16073 bytes
Desc: not available
Url : http://lists.ximian.com/pipermail/mono-devel-list/attachments/20050330/3ed37dce/attachment.xml 
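
Both causes suggested in the quoted reply, [1] an intermediate rather than a root certificate and [2] a certificate signed with MD2, can be read directly from the certificate's DER structure. The following is an added example, not part of the original message or of Mono; the function names are hypothetical and the two certificates are constructed skeletons with the right layout but no real key or signature.

```python
SIG_ALGS = {  # DER content bytes of PKCS #1 RSA signature OIDs
    bytes.fromhex("2a864886f70d010102"): "md2WithRSAEncryption",
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf):
    """List (tag, raw element, value bytes) for each DER element in buf."""
    out, pos = [], 0
    while pos < len(buf):
        tag, vs, ve = read_tlv(buf, pos)
        out.append((tag, buf[pos:ve], buf[vs:ve]))
        pos = ve
    return out

def inspect_cert(der):
    """Report the signature algorithm and whether issuer == subject."""
    tbs, sig_alg, _signature = children(children(der)[0][2])
    # version [0] dropped; then: serial, alg, issuer, validity, subject, key
    fields = [f for f in children(tbs[2]) if f[0] != 0xA0]
    oid = children(sig_alg[2])[0][2]
    return {"sig_alg": SIG_ALGS.get(oid, oid.hex()),
            "self_issued": fields[2][1] == fields[4][1]}

def tlv(tag, value):  # DER encoder, used only to build the samples below
    n, size = len(value), (len(value).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_cert(issuer_cn, subject_cn, alg_oid_hex):
    """Constructed certificate skeleton: right layout, no real key/signature."""
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30,
        tlv(0x06, bytes.fromhex("550403")) + tlv(0x13, cn.encode()))))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(alg_oid_hex)) + tlv(0x05, b""))
    validity = tlv(0x30, tlv(0x17, b"050101000000Z") * 2)
    tbs = tlv(0x30, tlv(0x02, b"\x01") + alg + name(issuer_cn) + validity
              + name(subject_cn) + tlv(0x30, b""))
    return tlv(0x30, tbs + alg + tlv(0x03, bytes(65)))

ROOT = sample_cert("Example Root CA", "Example Root CA", "2a864886f70d010102")
INTERMEDIATE = sample_cert("Example Root CA", "Example Sub CA", "2a864886f70d010105")
print(inspect_cert(ROOT), inspect_cert(INTERMEDIATE))
```

A result with self_issued False means the file is not a root and its issuer still has to be added to the store; issuer == subject only shows the certificate is self-issued, it does not verify the signature.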