Quantcast

XPI signing problem when root certificate is version 1?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

XPI signing problem when root certificate is version 1?

robii.no.wiki
Dear list members,

I'm trying to sign an XPI with a certificate with the GTE Cybertrust
Global Root CA at the top of the certificate chain. The chain looks as
follows: [Root CA]-[Primary CA]-[Code Signing CA]-[Signing
certificate], and we want the GTE on certificate on top because it's
one of Firefox's built-in certificates.

When I try to install the XPI in Firefox (v1.5/v2), I get the "Signing
could not be verified (-260)" error. When I replace the GTE Cybertrust
Global Root CA with our own Root CA certificate in the chain, and I
install our Root CA certificate explicitly in Firefox, it works as
expected.

The difference between our Root CA certificate and the GTE one, is the
fact that ours is a version 3 certificate while GTE's is version 1.
Other signed XPI's I downloaded from the Internet all seem to point to
a level 3 root certificate.

Has anyone experienced similar issues or can anyone point me in
another direction, because I'm running out of inspiration real fast
here.

Thanks,

Robby

_______________________________________________
dev-tech-xpinstall mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-xpinstall
Loading...