Bug#351745: ca-certificates: Certificate filename does not match certificate contents

8 views
Skip to first unread message

Andrew M. Bishop

unread,
Feb 7, 2006, 1:40:05 AM2/7/06
to
Package: ca-certificates
Version: 20050804
Severity: minor


The certificate that is stored in one of the files does not match the
name of the file. This is confusing (best case) or a security problem
(worst case, unlikely).

The file in question is /etc/ssl/certs/RSA_Root_Certificate_1.pem

The name of the file suggests that it belongs to RSA Security Inc, but
the contents of the file (reported by certtool, part of gnutls-bin) says
that it belongs to ValiCert.

$ certtool -i < /etc/ssl/certs/RSA_Root_Certificate_1.pem

X.509 certificate info:

Version: 1
Serial Number (hex): 01
Subject: L=ValiCert Validation Network,O=ValiCert\, Inc.,OU=ValiCert
Class 3 Policy Validation
Authority,CN=http://www.valicert.com/,EMAIL=in...@valicert.com
Issuer: L=ValiCert Validation Network,O=ValiCert\, Inc.,OU=ValiCert
Class 3 Policy Validation
Authority,CN=http://www.valicert.com/,EMAIL=in...@valicert.com
Signature Algorithm: RSA-SHA
Validity:
Not Before: Sat Jun 26 01:22:33 1999
Not After: Wed Jun 26 01:22:33 2019
Subject Public Key Info:
Public Key Algorithm: RSA (1024 bits)
modulus:
00:e3:98:51:96:1c:e8:d5:b1:06:81:6a:57:c3:72:
75:93:ab:cf:9e:a6:fc:f3:16:52:d6:2d:4d:9f:35:
44:a8:2e:04:4d:07:49:8a:38:29:f5:77:37:e7:b7:
ab:5d:df:36:71:14:99:8f:dc:c2:92:f1:e7:60:92:
97:ec:d8:48:dc:bf:c1:02:20:c6:24:a4:28:4c:30:
5a:76:6d:b1:5c:f3:dd:de:9e:10:71:a1:88:c7:5b:
9b:41:6d:ca:b0:b8:8e:15:ee:ad:33:2b:cf:47:04:
5c:75:71:0a:98:24:98:29:a7:49:59:a5:dd:f8:b7:
43:62:61:f3:d3:e2:d0:55:3f:
public exponent:
01:00:01:

Other information:
MD5 Fingerprint: A2:6F:53:B7:EE:40:DB:4A:68:E7:FA:18:D9:10:4B:72
SHA1 Fingerprint:
69:BD:8C:F4:9C:D3:00:FB:59:2E:17:93:CA:55:6A:F3:EC:AA:35:FB
Public Key ID:
77:77:EE:58:B4:02:E3:68:CE:E2:9D:59:02:F9:84:3F:35:82:9A:4A


Another file called /etc/ssl/certs/RSA_Security_1024_v3.pem shows what a
certificate belonging to RSA Security Inc should look like.

certtool -i < /etc/ssl/certs/RSA_Security_1024_v3.pem

X.509 certificate info:

Version: 3
Serial Number (hex): 0A:01:01:01:00:00:02:7C:00:00:00:0B:00:00:00:02
Subject: O=RSA Security Inc,OU=RSA Security 1024 V3
Issuer: O=RSA Security Inc,OU=RSA Security 1024 V3
Signature Algorithm: RSA-SHA
Validity:
Not Before: Thu Feb 22 21:01:49 2001
Not After: Sun Feb 22 20:01:49 2026
Subject Public Key Info:
Public Key Algorithm: RSA (1024 bits)
modulus:
00:d5:dd:fe:66:09:cf:24:3c:3e:ae:81:4e:4e:8a:
c4:69:80:5b:59:3b:df:b9:4d:4c:ca:b5:2d:c3:27:
2d:3c:af:00:42:6d:bc:28:a6:96:cf:7f:d7:58:ac:
83:0a:a3:55:b5:7b:17:90:15:84:4c:8a:ee:26:99:
dc:58:ef:c7:38:a6:aa:af:d0:8e:42:c8:62:d7:ab:
ac:a9:fb:4a:7d:bf:ea:fe:12:4d:dd:ff:26:2d:6f:
36:54:68:c8:d2:84:56:ee:92:53:61:09:b3:3f:39:
9b:a8:c9:9b:bd:ce:9f:7e:d4:19:6a:16:29:18:be:
d7:3a:69:dc:25:5b:33:1a:51:
public exponent:
01:00:01:

X.509 Extensions:
Basic Constraints: (critical)
CA:TRUE
Key usage: (critical)
Certificate signing.
CRL signing.
Subject Key ID:
C4:C0:1C:A4:07:94:FD:CD:4D:01:D4:54:DA:A5:0C:5F:DE:AE:05:5A
Authority Key ID:
C4:C0:1C:A4:07:94:FD:CD:4D:01:D4:54:DA:A5:0C:5F:DE:AE:05:5A

Other information:
MD5 Fingerprint: 3A:E5:50:B0:39:BE:C7:46:36:33:A1:FE:82:3E:8D:94
SHA1 Fingerprint:
3C:BB:5D:E0:FC:D6:39:7C:05:88:E5:66:97:BD:46:2A:BD:F9:5C:76
Public Key ID:
09:44:55:2B:5B:B6:4A:DF:AD:BB:85:63:1C:3F:A1:10:96:57:7D:FF


--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Reply all
Reply to author
Forward
0 new messages