In other words, SHA1 is now deprecated for new uses. We should use key sizes of at least 3072 bits and an ECC curve of at least 256 bits. Thus the recommendation here is for the root key to be 4096 bits if using RSA, or P-384 if using ECC. (P-384 was also chosen for compatibility, as most SSL/TLS implementations support this part of Suite B.)
= Error Codes in Firefox =
Here are some common errors that might be encountered when working with certificates in Firefox.
{| class="wikitable"
|-
! Error Code !! What It Means !! What Can I Do
|-
| SEC_ERROR_BAD_DER || A certificate is not properly encoded according to ASN.1 (DER) encoding || Re-generate the improperly-encoded certificate
|-
| SEC_ERROR_CA_CERT_INVALID || An end-entity certificate is being used to issue another certificate || Ensure that any certificate intended to issue certificates has a basic constraints extension with cA: TRUE
|-
| SEC_ERROR_BAD_SIGNATURE || A signature on a certificate is improperly formatted or the certificate has been tampered with || Re-issue the certificate with the bad signature
|-
| SEC_ERROR_CERT_BAD_ACCESS_LOCATION || The OCSP URI in the authorityInformationAccess extension is improperly formed || Re-generate the certificate with a well-formed OCSP URI
|-
| SEC_ERROR_CERT_NOT_IN_NAME_SPACE || ||
|-
| SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED || ||
|-
| PR_CONNECT_REFUSED_ERROR || ||
|-
| SEC_ERROR_EXPIRED_CERTIFICATE || ||
|-
| SEC_ERROR_EXTENSION_VALUE_INVALID || ||
|-
| SEC_ERROR_INADEQUATE_CERT_TYPE || ||
|-
| SEC_ERROR_INADEQUATE_KEY_USAGE || ||
|-
| SEC_ERROR_INVALID_ALGORITHM || ||
|-
| SEC_ERROR_INVALID_TIME || ||
|-
| MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE || ||
|-
| SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID || ||
|-
| SEC_ERROR_POLICY_VALIDATION_FAILED || ||
|-
| SEC_ERROR_REVOKED_CERTIFICATE || ||
|-
| SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION || ||
|-
| PR_UNKNOWN_ERROR || ||
|-
| SEC_ERROR_UNKNOWN_ISSUER || ||
|-
| SEC_ERROR_UNTRUSTED_CERT || ||
|-
| SEC_ERROR_UNTRUSTED_ISSUER || ||
|-
| SEC_ERROR_OCSP_BAD_SIGNATURE || ||
|-
| SEC_ERROR_OCSP_INVALID_SIGNING_CERT || ||
|-
| SEC_ERROR_OCSP_MALFORMED_REQUEST || ||
|-
| SEC_ERROR_OCSP_MALFORMED_RESPONSE || ||
|-
| SEC_ERROR_OCSP_OLD_RESPONSE || ||
|-
| SEC_ERROR_OCSP_REQUEST_NEEDS_SIG || ||
|-
| SEC_ERROR_OCSP_RESPONDER_CERT_INVALID || ||
|-
| SEC_ERROR_OCSP_SERVER_ERROR || ||
|-
| SEC_ERROR_OCSP_TRY_SERVER_LATER || ||
|-
| SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST || ||
|-
| SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS || ||
|-
| SEC_ERROR_OCSP_UNKNOWN_CERT || ||
|-
| SEC_ERROR_OCSP_FUTURE_RESPONSE || ||
|-
| SEC_ERROR_INVALID_KEY || ||
|-
| SEC_ERROR_UNSUPPORTED_KEYALG || ||
|-
| SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE || ||
|-
| MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY || ||
|-
| MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE || ||
|-
| SEC_ERROR_INVALID_ARGS || ||
|-
| PR_INVALID_STATE_ERROR || ||
|-
| SEC_ERROR_LIBRARY_FAILURE || ||
|-
| SEC_ERROR_NO_MEMORY || ||
|-
|}
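As an added example (not part of the original wiki page), this Python linter applies the hash and key-size recommendations above, and the cA: TRUE requirement from the SEC_ERROR_CA_CERT_INVALID row, to the text printed by <code>openssl x509 -noout -text</code>. The function name, the threshold table and the two sample dumps are constructed for illustration.

```python
import re

# Thresholds from the recommendation above: no SHA-1, RSA >= 3072 bits, ECC >= 256 bits.
MIN_BITS = {"rsaEncryption": 3072, "id-ecPublicKey": 256}

def lint_cert_text(text, issues_certs=False):
    """Check one `openssl x509 -noout -text` dump; return a list of findings."""
    findings = []
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    if sig is None:
        findings.append("signature algorithm not found")
    elif "sha1" in sig.group(1).lower():
        findings.append("SHA-1 signature (%s)" % sig.group(1))
    alg = re.search(r"Public Key Algorithm:\s*(\S+)", text)
    bits = re.search(r"Public-Key:\s*\((\d+) bit\)", text)
    if alg is None or bits is None:
        findings.append("public key algorithm or size not found")
    elif alg.group(1) in MIN_BITS and int(bits.group(1)) < MIN_BITS[alg.group(1)]:
        findings.append("%s key of %s bits is below %d"
                        % (alg.group(1), bits.group(1), MIN_BITS[alg.group(1)]))
    # A certificate that issues others needs basicConstraints cA: TRUE,
    # otherwise Firefox reports SEC_ERROR_CA_CERT_INVALID (see the table).
    is_ca = re.search(r"X509v3 Basic Constraints:[^\n]*\n\s*CA:TRUE", text)
    if issues_certs and not is_ca:
        findings.append("issuer lacks basicConstraints CA:TRUE")
    return findings

# Constructed samples, trimmed to the fields the linter reads.
WEAK_ISSUER = """\
    Signature Algorithm: sha1WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
            X509v3 Basic Constraints:
                CA:FALSE
"""
GOOD_ROOT = """\
    Signature Algorithm: ecdsa-with-SHA384
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
            X509v3 Basic Constraints: critical
                CA:TRUE
"""

if __name__ == "__main__":
    for name, dump in (("weak issuer", WEAK_ISSUER), ("P-384 root", GOOD_ROOT)):
        print(name, "->", lint_cert_text(dump, issues_certs=True) or "ok")
```

Pass <code>issues_certs=True</code> for roots and intermediates so the basic constraints check runs; leave it off for end-entity certificates.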