Certificate was not decoded - no values of attribute [2.5.4.3]
nikolamnetset Sep 21, 2018 7:53 AM
I am trying to configure client-cert authentication on WildFly 13. When I generate my certificates using keytool everything works fine,
but when I generate the same cert with KeyStore Explorer (I am sure they are the same in terms of fields) I get the following log from WildFly:
09:43:07,034 TRACE [org.wildfly.security] (default task-1) Evidence verification: evidence = org.wildfly.security.evidence.X509PeerCertificateChainEvidence@30529f64 evidencePrincipal = CN=example, OU=asdf, O=asdf, L=asdf, ST=asdf, C=rs
09:43:07,038 TRACE [org.wildfly.security] (default task-1) X500 principal [CN=example, OU=asdf, O=asdf, L=asdf, ST=asdf, C=rs] was not decoded - no values of attribute [2.5.4.3]
09:43:07,039 TRACE [org.wildfly.security] (default task-1) Principal assigning: [CN=example, OU=asdf, O=asdf, L=asdf, ST=asdf, C=rs], pre-realm rewritten: [CN=example,OU=asdf,O=asdf,L=asdf,ST=asdf,C=rs], realm name: [QuickstartRealm], post-realm rewritten: [CN=example,OU=asdf,O=asdf,L=asdf,ST=asdf,C=rs], realm rewritten: [CN=example,OU=asdf,O=asdf,L=asdf,ST=asdf,C=rs]
09:43:07,042 TRACE [org.wildfly.security] (default task-1) X500 principal [CN=example, OU=asdf, O=asdf, L=asdf, ST=asdf, C=rs] was not decoded - no values of attribute [2.5.4.3]
09:43:07,042 TRACE [org.wildfly.security] (default task-1) Evidence verification failed - alias [CN=example,OU=asdf,O=asdf,L=asdf,ST=asdf,C=rs] does not exist in KeyStore
09:43:07,042 TRACE [org.wildfly.security.http.cert] (default task-1) X509PeerCertificateChainEvidence was verified by EvidenceVerifyCallback handler: false
09:43:07,043 TRACE [org.wildfly.security.http.cert] (default task-1) Both, re-authentication and authentication, failed
09:43:07,043 TRACE [org.wildfly.security] (default task-1) Handling AuthenticationCompleteCallback: fail
WF is unable to decode my certificate, but here is what it prints as contents of the received certificate:
[
Version: V3
Subject: CN=example, OU=asdf, O=asdf, L=asdf, ST=asdf, C=rs
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 28943634218833075869632324433022151787018384224070249665101807818438202659591156759759666762051504811552492880199168272161250156886273013609997722588165302427369945497172245236093809802284926988359896403558563983410931415513674898937445320875902158179450082720181971760142608638028320883078395306843890675049967571183410745427508478025750573157321256427090420913692249228252176013421163771007476575189291125856362016517284836093451834772827901488798525254587359571783033998088782765150784776005194928828397033440623126660304800406643410145879503565761758203792019679457711082675193630263127610812597559102497541144591
public exponent: 65537
Validity: [From: Thu Sep 20 17:18:43 CEST 2018,
To: Fri Sep 20 17:18:43 CEST 2019]
Issuer: CN=example, OU=asdf, O=asdf, L=asdf, ST=asdf, C=rs
SerialNumber: [ 5ba3ba53]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4F 16 F1 44 5D 47 48 CB O..D]GH.
]
]
]
Can you help me?
UPDATE:
I noticed that there is a difference in the type of the CN field. The version that works has a PrintableString type for the CN field, and the version that doesn't work has UTF8String as the type for the CN field.
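
The update above comes down to the ASN.1 string type used for the CN value (OID 2.5.4.3), which the certificate printout does not show. As an added example that is not part of the original post, this Python sketch walks a DER-encoded subject Name and reports the string type of each attribute so two certificates can be compared; the function names and the sample names built by `sample_name` are constructed for illustration.

```python
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x16: "IA5String"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OID content bytes to dotted form, e.g. 55 04 03 -> 2.5.4.3."""
    first = min(body[0] // 40, 2)
    arcs, value = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def name_attribute_types(name_der):
    """Return [(oid, string_type, text)] for every attribute in a DER Name."""
    tag, rdns, _ = read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    found, pos = [], 0
    while pos < len(rdns):
        _, rdn, pos = read_tlv(rdns, pos)          # SET: one RDN
        inner = 0
        while inner < len(rdn):
            _, atv, inner = read_tlv(rdn, inner)   # SEQUENCE { type, value }
            _, oid, after_oid = read_tlv(atv, 0)
            vtag, val, _ = read_tlv(atv, after_oid)
            kind = STRING_TAGS.get(vtag, "tag 0x%02X" % vtag)
            found.append((decode_oid(oid), kind, val.decode("utf-8", "replace")))
    return found

def sample_name(string_tag, cn=b"example"):
    """Constructed sample: a Name holding a single CN encoded with string_tag."""
    tlv = lambda t, body: bytes([t, len(body)]) + body   # short-form lengths only
    atv = tlv(0x30, bytes([0x06, 0x03, 0x55, 0x04, 0x03]) + tlv(string_tag, cn))
    return tlv(0x30, tlv(0x31, atv))
```

To compare two real certificates, pass each one's DER-encoded subject to `name_attribute_types`; in Java, `X509Certificate.getSubjectX500Principal().getEncoded()` returns those bytes.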