I try to login using PKI. I use this tutorial: http://release-manager.com/rest/images/12702
On Firefox this works well. On an Android smartphone this does not work (I tried several phones, Android 6-11). EDIT: Fortunately Android 7.1.1 seems to work.

This is the p12-File:
https://node1.sandbox.release-manager.com/rest/cloud/download/433/?pw=2cf6576250ed0e348a20c2580ee7e092&un=sandbox
It must have something to do with the p12 key.
This is a screenshot of the kse:

This is the ASN1 Structure
SEQUENCE
{
SEQUENCE
{
TAGGED [0]:
INTEGER=2
INTEGER=512434666 (0x1e8b21ea)
SEQUENCE
{
OBJECT IDENTIFIER=Sha256WithRSAEncryption (1.2.840.113549.1.1.11)
NULL
}
SEQUENCE
{
SET
{
SEQUENCE
{
OBJECT IDENTIFIER=CountryName (2.5.4.6)
PRINTABLE STRING='US'
}
}
SET
{
SEQUENCE
{
OBJECT IDENTIFIER=OrganizationName (2.5.4.10)
UTF8 STRING='[]'
}
}
SET
{
SEQUENCE
{
OBJECT IDENTIFIER=OrganizationalUnitName (2.5.4.11)
UTF8 STRING='[]'
}
}
SET
{
SEQUENCE
{
OBJECT IDENTIFIER=CommonName (2.5.4.3)
PRINTABLE STRING='www.e-nexus.de'
}
}
}
SEQUENCE
{
UTC TIME=10/Nov/2000 00:00:00 CET (001109230000GMT+00:00)
GENERALIZED TIME=10/Nov/2100 00:00:00.000 CET (21001109230000GMT+00:00)
}
SEQUENCE
{
SET
{
SEQUENCE
{
OBJECT IDENTIFIER=CountryName (2.5.4.6)
PRINTABLE STRING='US'
}
}
SET
{
SEQUENCE
{
OBJECT IDENTIFIER=OrganizationName (2.5.4.10)
UTF8 STRING='[]'
}
}
SET
{
SEQUENCE
{
OBJECT IDENTIFIER=OrganizationalUnitName (2.5.4.11)
UTF8 STRING='[]'
}
}
SET
{
SEQUENCE
{
OBJECT IDENTIFIER=CommonName (2.5.4.3)
PRINTABLE STRING='Admin Example Node 1'
}
}
}
SEQUENCE
{
SEQUENCE
{
OBJECT IDENTIFIER=RsaEncryption (1.2.840.113549.1.1.1)
NULL
}
BIT STRING, encapsulates:
SEQUENCE
{
INTEGER=
00 96 2D D5 EB 60 BB 98 ..-Õë`».
71 B6 A5 62 85 08 5D FD q¶¥b..]ý
42 80 CF 89 D4 B0 1D 46 B.Ï.Ô°.F
38 36 B1 DF 29 6F 52 34 86±ß)oR4
28 D1 A7 8A 67 21 C1 C6 (ѧ.g!ÁÆ
31 77 3B D3 B5 EE A8 9E 1w;Óµî¨.
01 D4 A2 36 FC 12 88 15 .Ô¢6ü...
43 69 70 38 FC 81 B6 3D Cip8ü.¶=
DF E4 6D 09 77 F3 9B 27 ßäm.wó.'
AC 01 A3 4A 41 77 55 21 ¬.£JAwU!
B9 68 61 AA AD 50 34 F0 ¹haªP4ð
AC 62 76 3C 2E 50 6E 44 ¬bv<.PnD
55 88 C0 0E 02 0E 36 6E U.À...6n
A4 AA 5D E3 FC 7A 64 6A ¤ª]ãüzdj
ED 0A CA 1B B3 CE 31 2D í.Ê.³Î1-
2F 10 96 89 F1 5A 02 62 /...ñZ.b
8B A1 F6 1A 5F BA AE 6B .¡ö._º®k
84 CC 97 40 3B 3D F3 3C .Ì.@;=ó<
E2 AB 15 D5 16 BE 22 35 â«.Õ.¾"5
10 A4 5A 6D 0E 4D 6A 34 .¤Zm.Mj4
12 BA 01 DD 6D A5 7D B5 .º.Ým¥}µ
4E 61 59 16 92 1A 5B E9 NaY...[é
22 8D A1 CC 51 1A DA BE ".¡ÌQ.Ú¾
DC EB 6F C9 49 16 72 3F ÜëoÉI.r?
50 52 0A 65 95 BE 13 7B PR.e.¾.{
18 F1 D5 31 23 28 19 14 .ñÕ1#(..
BE 2D D3 E3 BF 90 9A 4F ¾-Óã¿..O
49 DE 92 D1 7C 3E 72 BE IÞ.Ñ|>r¾
72 52 15 F3 30 5A 69 2C rR.ó0Zi,
5B DD 1F 01 4D C1 2C 8F [Ý..MÁ,.
A1 A3 62 8A DF 73 52 39 ¡£b.ßsR9
4D 61 EA 2E 10 37 5D 87 Maê..7].
53 S
INTEGER=65537 (0x10001)
}
}
TAGGED [3]:
SEQUENCE
{
SEQUENCE
{
OBJECT IDENTIFIER=ExtKeyUsage (2.5.29.37)
BOOLEAN=true
OCTET STRING, encapsulates:
SEQUENCE
{
OBJECT IDENTIFIER=ClientAuth (1.3.6.1.5.5.7.3.2)
}
}
SEQUENCE
{
OBJECT IDENTIFIER=SubjectKeyIdentifier (2.5.29.14)
OCTET STRING, encapsulates:
OCTET STRING=
11 25 D9 96 7E E1 16 B5 .%Ù.~á.µ
28 5D D7 65 81 22 0D BF (]×e.".¿
6C E8 27 71 lè'q
}
}
}
SEQUENCE
{
OBJECT IDENTIFIER=Sha256WithRSAEncryption (1.2.840.113549.1.1.11)
NULL
}
BIT STRING=
4C 02 52 BF 5D 8D 82 F0 L.R¿]..ð
89 DB 14 4E 46 95 C6 8B .Û.NF.Æ.
01 3A AF 7B 29 C0 25 FA .:¯{)À%ú
85 7A 93 29 90 93 AA 2E .z.)..ª.
06 B6 28 F7 3B 9B 58 38 .¶(÷;.X8
7C 67 D1 E7 B2 AE 3C 75 |gÑç²®<u
74 A8 26 CC 6E 6D 79 F4 t¨&Ìnmyô
2B 73 CA 2D A1 9C 12 0E +sÊ-¡...
51 CF 6D 2E D2 86 14 E1 QÏm.Ò..á
34 96 DB E4 03 51 E6 70 4.Ûä.Qæp
04 2D 9F 1C C3 06 78 98 .-..Ã.x.
7D AA 96 4D B0 6D BA A1 }ª.M°mº¡
4A 92 AD 3A FA 9A D4 98 J.:ú.Ô.
9A 57 2A CF 9D 58 C4 20 .W*Ï.XÄ
BE C6 E7 F6 63 B4 A0 E2 ¾Æçöc´ â
8D B6 1C 96 BA 0A C8 D2 .¶..º.ÈÒ
C6 E2 BC 9C 38 1F 44 31 Æâ¼.8.D1
1F 72 47 D0 FE EA 89 00 .rGÐþê..
45 2F C7 4E 2B 14 88 3D E/ÇN+..=
64 0D 8F 57 81 C5 6F DD d..W.ÅoÝ
90 24 0E 9B 18 6D D4 E2 .$...mÔâ
BE 30 B9 A8 E7 E8 0F E6 ¾0¹¨çè.æ
1A B8 22 57 92 5A 08 0F .¸"W.Z..
D7 56 85 E7 89 3E 46 C6 ×V.ç.>FÆ
0E 60 C3 CB 12 1D EE D3 .`ÃË..îÓ
90 88 BF 8E 79 AF 04 51 ..¿.y¯.Q
67 49 FA 6B 14 32 D8 2D gIúk.2Ø-
CB 88 80 A7 40 36 04 4D Ë..§@6.M
77 90 2A 54 50 C9 EB 83 w.*TPÉë.
DA 19 56 B4 C8 09 97 C0 Ú.V´È..À
A3 0E 7D 1D AC 6B 86 CF £.}.¬k.Ï
5E 80 60 10 5F 32 F0 68 ^.`._2ðh
}
I think this is related to this Android 10 behaviour change: certificates are now filtered according to the criteria sent by the server.
In your case the server requires a certificate issued by Admin Example Node 1 (or at least pretends to):
openssl s_client -crlf -connect node1.sandbox.release-manager.com:443 -servername node1.sandbox.release-manager.com
...
Acceptable client certificate CA names
C = US, O = [], OU = [], CN = Admin Example Node 1
...
(Please note that the O and OU are not empty, they contain the string [] and the CA fields must match)
But your certificate is issued by www.e-nexus.de:
keytool -v -list -storetype PKCS12 -keystore Admin_Example_Node_1_210420063319.p12
...
Alias name: admin example node 1
Creation date: Apr 19, 2021
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Admin Example Node 1, OU=[], O=[], C=US
Issuer: CN=www.e-nexus.de, OU=[], O=[], C=US
I created a CA named CN = Admin Example Node 1, C = US, O = [], OU = [] and used it to issue a certificate:
Alias name: 1
Creation date: Jul 25, 2021
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=hello2, OU=[], O=[], C=US
Issuer: CN=Admin Example Node 1, OU=[], O=[], C=US
Edit: I tested 3 certificates:
CN=Admin Example Node 1, OU=[], O=[], C=US
CN=Admin Example Node 1, C=US
On:
With the results:
CN=Admin Example Node 1, OU=[], O=[], C=US)
So the solution would be to change either the CA name or the specification sent by the server.
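The issuer check described in the answer above, as an added example that is not part of the original answer: it reads the "Acceptable client certificate CA names" block from `openssl s_client` output and compares it with the `Issuer:` line that `keytool -list -v` prints. The function names, the closing lines of the sample `s_client` output and the simplified comparison (leaf issuer only, no commas inside DN values) are assumptions made for the example.

```python
import re

# Constructed sample: the s_client lines quoted in the answer, plus a
# following line so the CA-name block has an end.
S_CLIENT = """---
Acceptable client certificate CA names
C = US, O = [], OU = [], CN = Admin Example Node 1
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
---
"""
# keytool lines quoted in the answer (original p12 and the re-issued one).
ORIGINAL_P12 = ("Owner: CN=Admin Example Node 1, OU=[], O=[], C=US\n"
                "Issuer: CN=www.e-nexus.de, OU=[], O=[], C=US\n")
REISSUED_P12 = ("Owner: CN=hello2, OU=[], O=[], C=US\n"
                "Issuer: CN=Admin Example Node 1, OU=[], O=[], C=US\n")

def parse_dn(text, reverse=False):
    """Parse 'K = V, K = V' or 'K=V, K=V' into an ordered tuple of pairs.
    Assumption: attribute values contain no commas."""
    rdns = []
    for part in text.split(","):
        key, _, value = part.partition("=")
        rdns.append((key.strip().upper(), value.strip()))
    return tuple(reversed(rdns)) if reverse else tuple(rdns)

def acceptable_ca_names(s_client_output):
    """Return the DNs listed under 'Acceptable client certificate CA names'."""
    names, in_block = [], False
    for line in s_client_output.splitlines():
        if line.startswith("Acceptable client certificate CA names"):
            in_block = True
        elif in_block:
            if not re.match(r"^[A-Za-z0-9.]+ = ", line):
                break  # first non-DN line ends the block
            names.append(parse_dn(line))
    return names

def issuer_from_keytool(keytool_output):
    """keytool prints the most specific attribute first, so reverse it to
    get the encoded order (C, O, OU, CN) that openssl prints."""
    match = re.search(r"^Issuer: (.+)$", keytool_output, re.M)
    return parse_dn(match.group(1), reverse=True)

def would_be_offered(keytool_output, s_client_output):
    """Simplified model: the issuer must equal one requested CA name, field
    by field, so O=[] and OU=[] count. An empty list filters nothing."""
    cas = acceptable_ca_names(s_client_output)
    return not cas or issuer_from_keytool(keytool_output) in cas
```

With these inputs, `would_be_offered(ORIGINAL_P12, S_CLIENT)` is `False` and `would_be_offered(REISSUED_P12, S_CLIENT)` is `True`, matching the issuer mismatch the answer points out.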