[Mono-devel-list] WebRequest/HTTPS CA Issue

Sebastien Pouliot spouliot at videotron.ca
Wed Mar 30 16:31:30 EST 2005


Hello Johnny,

> Okay, I went here with my browser and got the certificate located here:
> https://getca.verisign.com/ and installed it like so:
>
> /usr/bin/certmgr -add -c CA getrootcert.cer

Root certificates must go into the "Trust" store. The "CA" store if for
other (non root) CA - i.e. anything that can issue certificates. This is
documented in the man page.

The certificate I downloaded from the URL is self-signed using md2RSA so
you need to configure your machine.config file as well.

> and it says one certificate added.
>
> However, when I try to list my certificates, I get the following stack
> trace:
>
> [johnny at skuld ~]$ certmgr -list -c CA
> Mono Certificate Manager - version 1.1.5.0
> Manage X.509 certificates and CRL from stores.
> Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD
> licensed.
>
> Unhandled Exception: System.NullReferenceException: Object reference not
> set to an instance of an object
> in <0x0003f> Mono.Security.Cryptography.PKCS1:Encode_v15
> (System.Security.Cryptography.HashAlgorithm hash, System.Byte[]
> hashValue, Int32 emLength)

That's most probably because the MD2 algorithm isn't available (i.e. null).
I'll look to throw a more meaningful exception/message in this case.

> I've attached /etc/mono/1.0/machine.config  I made a similar change to
> /etc/mono/2.0/machine.config.

Your config file seems to be missing one line:

<nameEntry name="MD2" class="monoMD2" />

Please re-check from the man page or the (just updated) FAQ:
http://www.mono-project.com/FAQ:_Security#I_got_the_root_certificate_but_it_
doesn.27t_install.21


Sebastien Pouliot
home: spouliot at videotron.ca
blog: http://pages.infinit.net/ctech/poupou.html




More information about the Mono-devel-list mailing list