CA 证书已过期并使用相同的私钥重新生成,现有客户端证书在 Chrome 中有效,但在 Firefox 中失败:
连接到 example.com 时发生错误:
SSL 对等方无法协商一组可接受的安全参数:Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT
Firefox 不会提示输入客户端证书,也不会发送它 —— 怀疑某些东西与客户端证书选择过程不匹配。
如何在 Firefox 端调试这个问题?
Firefox 如何决定何时请求/提供客户端证书?
请注意,[web] 服务器证书运行正常,并且超出了此处的范围。
已验证的内容:
- 在 Mac 上的 Firefox 78 和 Linux 上的 Firefox 77 上均失败;两个 Firefox 实例中都存在与之前的 CA 证书一起使用的相同客户端证书。
- 在 Mac 上,相同的客户端证书可以在 Chrome 中使用,因此存在于 Keychain 中,但
security.osclientcerts.autoload在 Firefox 中启用却没有帮助。 - “可接受的客户端证书 CA 名称”与新旧 CA 证书匹配。
- “客户端证书类型”似乎是可以接受的:
新证书:RSA 签名、DSA 签名、ECDSA 签名
旧证书:RSA 固定 DH、DSS 固定 DH、RSA 签名、DSA 签名 - CA 证书中是否存在 v3 扩展并不重要(包括的设置
CA:TRUE)。 - CRL 已使用但尚未过期,并且客户端证书未被撤销。
- 新旧CA证书上的序列号不同,并且似乎是较大的随机数。
- 客户端证书似乎不包含任何(过期的)链证书。
- 重新生成 CA 证书以使其有效期在客户端证书之前开始没有帮助。
- 将 CA 证书重新生成为 SHA1 没有帮助(旧 CA 证书是 SHA1)。
证书
CA 证书(带有 X509v3 扩展;有无扩展均无影响):
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
cb:b5:11:9e:17:0f:aa:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: <string>
Validity
Not Before: Jul 16 12:04:27 2020 GMT
Not After : Apr 15 12:04:27 2030 GMT
Subject: <string>
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c1:16:6b:74:7e:b7:d0:da:8b:7f:55:bf:ee:c3:
c1:c3:ff:48:8a:b2:2d:a9:48:17:f1:aa:8b:36:34:
21:b2:d8:22:09:7c:ba:7c:61:83:a9:0e:40:69:4c:
b9:ed:25:dc:e6:f0:f8:45:b6:a6:14:2f:7a:2b:bc:
6d:9d:d3:d7:f5:4a:bd:dc:38:ed:88:f7:47:73:0a:
41:6f:15:a0:83:34:55:7b:4c:39:1d:8e:de:60:1f:
81:df:42:f5:b5:b9:0d:f5:90:9a:c4:80:ef:a7:1c:
38:93:c0:83:43:9b:5b:ef:cf:30:1a:70:29:26:e5:
e2:35:0e:81:24:e7:97:75:d1:ae:f7:a4:bc:e7:28:
20:52:87:58:87:41:2f:4b:ca:cd:2d:af:08:8b:bf:
1f:a5:a3:e1:f3:d0:81:f1:9c:f6:36:a2:d4:8f:2e:
19:67:72:2d:41:2c:43:d9:4f:b5:6b:2d:60:e0:77:
39:2e:53:20:7d:49:fa:c0:43:f2:03:cc:17:71:93:
cb:42:4e:42:41:23:2e:86:7c:b1:64:dc:a3:e4:7c:
60:37:43:56:ed:25:c5:97:ab:4d:90:98:c9:34:48:
b2:bc:34:f9:fb:89:cb:20:62:25:91:cf:8f:dd:bd:
40:d6:03:bf:b5:fc:cd:f8:c9:db:df:25:bb:f7:17:
31:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:C5:5A:EC:01:FD:DE:76:54:E1:94:97:EC:35:B6:C4:23:8A:73:FC
X509v3 Authority Key Identifier:
keyid:A8:C5:5A:EC:01:FD:DE:76:54:E1:94:97:EC:35:B6:C4:23:8A:73:FC
DirName:<string>
serial:CB:B5:11:9E:17:0F:AA:30
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
33:90:66:8c:e4:99:c4:4e:1c:b7:5c:7d:b7:16:67:f1:b4:bc:
d6:b2:ce:36:c3:4f:77:db:e3:22:89:5c:63:cb:a4:0b:62:b4:
c5:72:d8:37:02:c7:1b:83:0b:03:ad:c6:51:20:e1:fd:c8:28:
72:ea:62:da:be:e7:0b:68:e7:f2:7d:24:b6:59:2f:ab:4c:76:
ba:42:38:fe:fb:e4:a1:91:ab:0f:9b:08:3f:d2:98:3b:c2:75:
78:97:cf:97:34:8f:c1:3f:b9:bd:a4:53:6d:ea:bc:03:33:86:
a3:46:8f:b8:6e:09:be:67:43:d8:c4:17:85:3a:9e:e9:c0:86:
fc:d4:25:51:e0:36:d2:fc:ca:84:43:68:a8:75:f5:b8:a3:87:
71:8d:b4:e9:78:69:b3:4d:52:10:ed:05:df:a0:b3:0d:34:f9:
a0:99:99:29:12:74:d6:74:55:05:1b:7e:6c:81:48:ba:a2:05:
9e:f3:33:2b:6f:14:25:8a:a9:c6:ff:7d:28:01:03:32:3e:46:
68:b1:88:f2:04:b0:bd:83:a0:97:ca:12:84:03:49:9c:f6:63:
14:24:45:ab:dd:73:97:33:a0:fd:0e:94:95:b1:cb:95:cc:c3:
6c:82:fc:05:70:3d:9b:0e:ea:05:6e:e2:36:c1:2f:b3:87:b6:
ca:58:59:b1
客户端证书:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 302 (0x12e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: <string>
Validity
Not Before: Mar 26 08:11:41 2020 GMT
Not After : Mar 26 08:11:41 2022 GMT
Subject: <string>
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:07:3c:54:4f:4c:77:66:75:21:c5:9d:1f:b0:
da:92:ee:5f:4f:a9:79:a3:56:a9:fd:ec:0f:ff:c9:
23:de:3f:6a:f4:e3:5b:f5:d0:ef:cf:ae:1d:a8:80:
21:76:39:1e:e6:90:1a:da:dd:07:21:68:98:73:29:
ea:f2:40:fe:9f:a3:b9:af:89:20:7d:0f:22:cb:cc:
50:de:30:af:66:00:52:93:2c:f1:a0:f5:7d:46:6e:
c9:63:d9:c4:24:0a:db:9c:8c:66:52:04:f1:da:f8:
8b:71:27:46:60:98:94:49:b0:b2:05:e5:5d:7c:05:
8d:e0:51:35:eb:38:ae:d3:d7:dc:a5:21:72:d4:b9:
9a:be:29:3f:04:bd:11:c3:43:b7:d8:56:2b:4b:60:
08:9e:a9:77:55:a4:e6:d1:b8:b6:2b:57:ff:89:bc:
0a:87:b2:43:71:0c:aa:65:28:20:09:68:63:0b:d8:
2e:de:05:bf:40:95:a7:24:b4:2e:a0:c4:d8:37:66:
3e:28:d1:7b:4e:77:4f:23:7e:e7:44:85:3d:70:fc:
eb:34:06:2a:9d:40:c9:30:0f:a6:df:0a:51:1e:54:
31:22:a9:d7:8b:7c:84:88:ef:77:ca:34:00:27:52:
ef:34:d0:a5:a2:41:79:bd:45:0d:85:70:00:01:2c:
6a:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication
Netscape Cert Type:
SSL Client
Signature Algorithm: sha256WithRSAEncryption
5c:c1:da:4a:ba:37:21:54:24:21:f5:6f:83:b4:74:78:17:cb:
d3:f8:63:a3:07:9c:34:7c:51:e5:97:4d:70:41:fa:91:1a:ce:
6f:87:32:24:81:65:00:3b:9a:c1:f6:32:82:9a:cc:6d:68:3e:
03:b7:3a:3d:3c:81:15:89:f8:12:27:b3:cd:d3:e5:7a:bd:e9:
49:f4:c1:19:58:39:dc:13:58:2c:8b:1b:a7:c6:ae:28:ad:4c:
9e:76:77:ff:fa:36:04:94:fb:bd:87:fe:f0:a5:2e:85:d8:29:
50:b6:c5:43:9b:f4:bd:5a:35:40:1f:23:59:e2:04:84:f2:b9:
91:ef:20:fe:99:28:e4:df:71:96:4a:ab:35:5c:57:c2:46:80:
20:7c:be:49:37:18:d1:0f:07:47:54:1c:e3:33:78:e0:c1:61:
93:bf:95:fd:f4:bd:27:a4:f1:6b:ba:62:8c:79:a0:57:ee:d3:
bd:08:73:b1:37:41:10:68:38:7a:91:c5:3a:64:1b:54:66:b4:
19:cc:16:16:5d:94:7a:e2:f7:2b:79:bd:2a:ab:01:67:32:e9:
4a:2b:fb:da:df:5b:65:36:1a:8b:1d:a9:3c:2a:3f:bd:02:f0:
eb:9b:e2:3b:46:0d:44:f8:ac:77:ac:6f:60:df:a5:27:00:4c:
8c:9f:a0:2c
答案1
显然,问题在于旧证书用于PrintableStrings所有字符串,而新证书仅用于UTF8Strings部分字符串。重新生成新证书即可PrintableStrings修复此问题。
使用 OpenSSL 工具时,字符串掩码选项允许控制字段编码。
发现这一差异的功劳全部归功于 Mozilla 安全工程师 Dana。