Open BillWeiss opened 10 years ago
Do you mind submitting the certificate (not the key) so I can look into this?
Here's what openssl has to say about that:
```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: -2036985261 (-0x7969edad)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=ASA Temporary Self Signed Certificate
        Validity
            Not Before: Mar 2 02:25:09 2014 GMT
            Not After : Feb 28 02:25:09 2024 GMT
        Subject: CN=ASA Temporary Self Signed Certificate
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:b2:b6:00:7f:25:6c:e4:1a:33:7e:7c:4c:09:2e:
                    97:21:01:45:d3:f6:79:f2:aa:7b:9b:3a:e2:5b:17:
                    84:f9:06:10:53:b3:e3:cc:4f:4f:c1:ab:74:eb:ac:
                    b8:43:05:26:b1:3f:23:c5:48:ed:3c:4e:71:e1:dc:
                    19:a3:8d:48:d1:fa:fb:73:e4:ef:4d:97:38:2a:24:
                    c9:b5:b0:6c:67:21:7a:f2:d8:99:45:e7:af:b5:f8:
                    78:72:2f:10:e9:c6:07:80:10:02:cd:65:92:30:ce:
                    22:b4:a8:6f:41:6d:85:a8:43:79:85:26:3d:88:7b:
                    17:34:7d:0b:a1:ff:03:da:6b
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
        ab:f7:e7:b4:62:cd:ef:28:76:e0:00:31:b5:2f:d2:c0:6b:1c:
        45:32:b7:8e:a4:32:19:7e:66:47:74:58:4f:a0:1d:40:76:84:
        68:3f:08:0d:b6:1e:9b:11:cc:69:20:73:1b:20:4e:5d:a7:94:
        b3:c7:59:70:f9:2e:74:1d:8c:21:bc:13:f6:b0:44:53:8f:c2:
        0d:9e:a4:04:64:55:e3:9b:e6:a3:5b:8e:0c:48:32:e6:66:fd:
        25:25:ed:4d:e8:2b:86:a2:e8:7a:d5:f1:d6:60:9d:39:4a:4d:
        2b:e2:88:f6:7f:ed:ce:85:cd:ff:e8:c2:01:1a:96:5b:2d:81:
        bf:3e
```
So the certificate really does have a negative number and it is not a parsing problem. RFC5280 says they should not be, but users should try to handle them anyway. I do not immediately see a way to override this in Go.
Bummer.
Any idea what that is about? The browser deals with it. Chrome reports the serial as 2257982035. It is a self-signed cert generated by the device, so I can imagine it's wrong, but I'm surprised at that.
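An added example, not part of the thread or the project's code: it reads the same four serial octets as a two's complement DER INTEGER and as an unsigned magnitude, which yields both numbers quoted above (openssl's -2036985261 and the 2257982035 reported for Chrome). The sample bytes are constructed from the serial in the openssl output, and the function names are illustrative.

```go
package main

import (
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
)

// Constructed sample (not taken from the certificate file): a DER INTEGER whose
// content octets are the two's complement of -0x7969edad.
var sampleSerialDER = []byte{0x02, 0x04, 0x86, 0x96, 0x12, 0x53}

// integerContent returns the content octets of a single DER INTEGER.
func integerContent(der []byte) ([]byte, error) {
	var raw asn1.RawValue
	rest, err := asn1.Unmarshal(der, &raw)
	if err != nil || len(rest) != 0 || raw.Tag != asn1.TagInteger || len(raw.Bytes) == 0 {
		return nil, errors.New("not a single DER INTEGER")
	}
	return raw.Bytes, nil
}

// readings returns the octets as two's complement (X.690 INTEGER) and as unsigned.
func readings(content []byte) (signed, unsigned *big.Int) {
	unsigned = new(big.Int).SetBytes(content)
	signed = new(big.Int).Set(unsigned)
	if content[0]&0x80 != 0 { // top bit set means the INTEGER is negative
		signed.Sub(signed, new(big.Int).Lsh(big.NewInt(1), uint(8*len(content))))
	}
	return signed, unsigned
}

// checkSerial rejects serials that are not positive (RFC 5280, section 4.1.2.2).
func checkSerial(content []byte) error {
	if s, _ := readings(content); s.Sign() <= 0 {
		return errors.New("serial number is not a positive integer")
	}
	return nil
}

func main() {
	c, err := integerContent(sampleSerialDER)
	if err != nil {
		panic(err)
	}
	signed, unsigned := readings(c)
	fmt.Println("signed:", signed, "unsigned:", unsigned, "check:", checkSerial(c))
}
```

Encoding the positive value 2257982035 as a DER INTEGER requires a leading `0x00` octet (`00 86 96 12 53`), which `checkSerial` accepts.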