Hello, I refactored the certificate generation code for sso.debian.org, and the certificates it generates now still work in Firefox but not in Chrome. Steps to reproduce: 1. Back up and delete all Debian certificates in Chrome 2. Go to one of these links to generate a new one: https://sso.debian.org/debian/certs/enroll_csr/ https://sso.debian.org/alioth/certs/enroll_csr/ 3. Go to chrome://settings/certificates and import it (remember to combine key and certificate in a .p12 file, the enroll_csr has a command line example 4. Visit https://sso.debian.org/ca/test/env: chrome doesn't even ask for which certificate to use Can you help me find out what is in the certificates it generates now that chrome doesn't like? This is the code that generates the certificate: https://anonscm.debian.org/cgit/debian-sso/debian-sso.git/tree/ca/ca.py#n402 This is the code before the refactoring: https://anonscm.debian.org/cgit/debian-sso/debian-sso.git/tree/ca/ca.py?id=926d5ca1c448fdd4f02ae7247ef5f695d8e2f22e#n331 Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>
Attachment:
signature.asc
Description: PGP signature