error invalid certificate

naveen.bn naveen.bn at globaledgesoft.com
Fri May 30 08:50:32 EDT 2008


*Hi Kevin,

I am getting this invlid certificate and in the krb5kdc log file i am getting certificate 
signature failure,but why 
And also i am not able to see the contents of the certificates in the ethereal capture or the contents of the PA-DAS .why is the request 
going with the PA-DAS and why not PA-PK-AS-REQ.
This is the message display after doing kinit and the contents of the certificates are displayed bellow.
 
**kinit -X X509_user_identity=FILE:/client/naveen.pem,/client/naveen.key naveen*
*kinit(v5): Invalid certificate while getting initial credentials*

*This is the contents of my certificates
/**************** CA certificate ca.pem *************************/
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            c0:cd:bd:5b:35:16:57:06
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=in, O=globaledgesoft, OU=test, CN=ca
        Validity
            Not Before: May 30 10:54:58 2008 GMT
            Not After : May 30 10:54:58 2009 GMT
        Subject: C=in, O=globaledgesoft, OU=test, CN=ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:aa:6d:c5:a1:e4:78:a2:8b:c8:c9:64:1e:55:c3:
                    2a:92:34:fc:db:0c:fd:7b:db:61:ff:27:6a:b8:d5:
                    a6:2e:9c:10:78:28:b7:55:1c:85:73:e1:c9:ef:c1:
                    2a:4c:6f:68:a6:fa:21:39:84:03:f0:28:9e:52:5a:
                    b0:5b:a7:ad:64:23:3d:8b:1c:54:01:0b:72:00:3c:
                    2c:20:21:37:80:c2:ea:6b:18:a9:c0:76:c9:fc:b0:
                    87:5a:18:84:05:23:93:bc:64:7e:43:f2:25:fe:d5:
                    6c:d0:15:08:82:c0:af:16:07:05:57:22:d1:72:7c:
                    0c:8a:9c:8e:58:70:57:b3:ad
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
        4b:10:72:03:29:27:08:16:0b:10:39:dc:a4:e8:36:e7:70:6e:
        28:e4:55:22:d5:e6:b5:28:d4:95:ed:da:00:79:75:a4:2c:74:
        59:50:4b:15:c7:6f:3c:45:63:31:b5:56:8e:36:d4:eb:9d:fc:
        02:b4:56:51:bd:cf:f2:e3:fb:b5:c8:67:e5:ed:82:64:99:76:
        f7:5a:9c:e0:bd:9b:92:53:b6:db:e1:a8:45:78:17:b9:ec:8e:
        80:3f:9d:6d:fe:38:89:04:af:09:68:93:1d:a2:08:69:99:02:
        40:d7:f4:42:91:16:4a:e0:65:fc:32:27:d4:49:1b:10:a1:72:
        11:50
-----BEGIN CERTIFICATE-----
MIICCTCCAXICCQDAzb1bNRZXBjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJp
bjEXMBUGA1UEChMOZ2xvYmFsZWRnZXNvZnQxFDASBgNVBAsTC3BhY2tldGNhYmxl
MQswCQYDVQQDEwJjYTAeFw0wODA1MzAxMDU0NThaFw0wOTA1MzAxMDU0NThaMEkx
CzAJBgNVBAYTAmluMRcwFQYDVQQKEw5nbG9iYWxlZGdlc29mdDEUMBIGA1UECxML
cGFja2V0Y2FibGUxCzAJBgNVBAMTAmNhMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQCqbcWh5Hiii8jJZB5VwyqSNPzbDP1722H/J2q41aYunBB4KLdVHIVz4cnv
wSpMb2im+iE5hAPwKJ5SWrBbp61kIz2LHFQBC3IAPCwgITeAwuprGKnAdsn8sIda
GIQFI5O8ZH5D8iX+1WzQFQiCwK8WBwVXItFyfAyKnI5YcFezrQIDAQABMA0GCSqG
SIb3DQEBBQUAA4GBAEsQcgMpJwgWCxA53KToNudwbijkVSLV5rUo1JXt2gB5daQs
dFlQSxXHbzxFYzG1Vo421Oud/AK0VlG9z/Lj+7XIZ+XtgmSZdvdanOC9m5JTttvh
qEV4F7nsjoA/nW3+OIkErwlokx2iCGmZAkDX9EKRFkrgZfwyJ9RJGxChchFQ
-----END CERTIFICATE--
/************************ END of CA ****************************/

/**********************   CLIENT cert naveen.pem **************************/
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=in, O=globaledgesoft, OU=text, CN=ca
        Validity
            Not Before: May 30 11:00:19 2008 GMT
            Not After : May 30 11:00:19 2009 GMT
        Subject: C=in, O=globaledgesoft, OU=test, CN=naveen
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:a9:7b:82:c0:0d:59:b6:8a:3a:3e:66:06:ad:3d:
                    c6:ac:25:26:1c:47:dd:38:6f:23:d2:cb:9a:2b:8b:
                    53:da:42:d9:4b:5f:03:31:e7:0d:88:61:f2:c1:4b:
                    e6:0e:24:1a:1d:db:a6:53:96:89:a5:ce:f4:ae:e0:
                    2f:e7:77:d9:6b
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
        93:16:30:7b:f4:1e:0c:12:0e:2b:7e:de:9f:58:cd:21:51:ad:
        00:ee:b0:44:13:b9:ad:51:d0:9c:77:48:2b:c4:6e:eb:6f:f2:
        2e:11:74:68:a3:58:0f:3a:81:b7:75:d3:b2:53:59:c0:4d:51:
        bd:ee:ff:6d:24:11:d5:8b:5a:f9:af:31:1f:4d:02:1e:98:d0:
        0b:63:7e:98:e4:ef:5a:d2:57:35:04:94:03:b0:f5:f1:3b:88:
        4e:4a:b3:bc:a8:3f:26:41:25:65:db:4e:2f:66:d3:8c:a3:a7:
        92:91:22:ad:7c:e4:3e:83:f4:f3:30:b0:0c:17:74:81:55:35:
        70:4a
-----BEGIN CERTIFICATE-----
MIIBwTCCASoCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCaW4xFzAVBgNV
BAoTDmdsb2JhbGVkZ2Vzb2Z0MRQwEgYDVQQLEwtwYWNrZXRjYWJsZTELMAkGA1UE
AxMCY2EwHhcNMDgwNTMwMTEwMDE5WhcNMDkwNTMwMTEwMDE5WjBNMQswCQYDVQQG
EwJpbjEXMBUGA1UEChMOZ2xvYmFsZWRnZXNvZnQxFDASBgNVBAsTC3BhY2tldGNh
YmxlMQ8wDQYDVQQDEwZuYXZlZW4wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAqXuC
wA1Ztoo6PmYGrT3GrCUmHEfdOG8j0suaK4tT2kLZS18DMecNiGHywUvmDiQaHdum
U5aJpc70ruAv53fZawIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAJMWMHv0HgwSDit+
3p9YzSFRrQDusEQTua1R0Jx3SCvEbutv8i4RdGijWA86gbd107JTWcBNUb3u/20k
EdWLWvmvMR9NAh6Y0Atjfpjk71rSVzUElAOw9fE7iE5Ks7yoPyZBJWXbTi9m04yj
p5KRIq185D6D9PMwsAwXdIFVNXBK
-----END CERTIFICATE-----
/******************* end of client certificate **************/

/******************  start of kdc.pem ********************/
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 2 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=in, O=globaledgesoft, OU=test, CN=ca
        Validity
            Not Before: May 30 11:03:05 2008 GMT
            Not After : May 30 11:03:05 2009 GMT
        Subject: C=in, O=globaledgesoft, OU=test, CN=kdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:d2:c4:be:81:c5:a5:15:30:10:1a:00:9c:24:a8:
                    11:9e:63:dd:c5:c6:f1:06:4c:d9:66:eb:81:6a:ba:
                    85:5a:55:c8:74:6d:2a:75:ff:ba:44:02:19:d3:2e:
                    a7:15:59:8f:62:94:9e:19:d5:0c:05:ce:f7:70:ce:
                    4b:ab:2b:a2:51
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
        5f:e3:33:e0:55:c6:42:66:93:2c:6a:1a:df:12:cc:9e:85:75:
        4e:d0:1a:7f:45:a3:2a:67:8b:af:39:6c:a5:a3:52:83:9f:95:
        d3:f7:6f:fd:e0:b8:70:51:49:3f:77:2f:cd:fa:d3:e5:74:1f:
        a6:c8:c3:79:7c:d8:3e:17:2e:19:2c:77:fd:c3:d1:3c:d1:25:
        eb:d9:6c:3a:64:16:66:1d:61:63:48:1f:d1:82:89:73:c5:3e:
        5c:be:5f:99:0d:b3:41:29:1e:a5:51:ca:16:11:6d:3e:2a:4b:
        60:48:fb:42:44:4b:10:96:d8:6a:30:4d:8a:32:4b:0f:47:19:
        ea:6e
-----BEGIN CERTIFICATE-----
MIIBvjCCAScCAQIwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCaW4xFzAVBgNV
BAoTDmdsb2JhbGVkZ2Vzb2Z0MRQwEgYDVQQLEwtwYWNrZXRjYWJsZTELMAkGA1UE
AxMCY2EwHhcNMDgwNTMwMTEwMzA1WhcNMDkwNTMwMTEwMzA1WjBKMQswCQYDVQQG
EwJpbjEXMBUGA1UEChMOZ2xvYmFsZWRnZXNvZnQxFDASBgNVBAsTC3BhY2tldGNh
YmxlMQwwCgYDVQQDEwNrZGMwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA0sS+gcWl
FTAQGgCcJKgRnmPdxcbxBkzZZuuBarqFWlXIdG0qdf+6RAIZ0y6nFVmPYpSeGdUM
Bc73cM5LqyuiUQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAF/jM+BVxkJmkyxqGt8S
zJ6FdU7QGn9Foypni685bKWjUoOfldP3b/3guHBRST93L8360+V0H6bIw3l82D4X
Lhksd/3D0TzRJevZbDpkFmYdYWNIH9GCiXPFPly+X5kNs0EpHqVRyhYRbT4qS2BI
+0JESxCW2GowTYoySw9HGepu
-----END CERTIFICATE-----

Kindly Guide me to get the AS_REP with KDC certificates.
*





More information about the Kerberos mailing list