Reply To: 3.0.0 making PFX user certificates OS X doesn’t like

Home Page Forums Network Management ZeroShell 3.0.0 making PFX user certificates OS X doesn’t like Reply To: 3.0.0 making PFX user certificates OS X doesn’t like

#53193

cdpearce
Participant

This may all be a false alarm. I have now managed to create a couple of users where the X.509 certificates/keys were processed correctly by OS X.

However, there is definitely some kind of problem. It may not be unique to this version of ZS. But, I did create 2 users for which the PFX certificate/key was not handled correctly by OS X. The failure mode was 100% repeatable for those users even after revoking the certificates and recreating them. The failures were 100% repeatable on a second Mac computer. I could not find anything wrong with the certificates/keys when analyzing them with openssl. If I exported them as a PEM file and then used openssl to translate them to PFX, they still failed the same way. I could not discern a difference between a “good” certificate and a “bad” certificate by comparing them. Obviously the data values were different but the structures appeared consistent.

I even completely deleted the user and recreated it. The certificate/key still didn’t work. Perhaps there is something special about a username of “sib-laptop-mac” that doesn’t work, whereas “staff-laptop-mac” does.

I have no idea what is going on and can’t troubleshoot further. But, as long as these bad users are rare perhaps it doesn’t matter.