PeculiarVentures / fortify-tools

Fortify enables web applications to use smart cards, local certificate stores and do certificate enrollment. This is the "Tool" application used in the Fortify desktop application.
https://tools.fortifyapp.com
MIT License

Unclear behavior of the system for the user when creating Create Self-signed certificate. #206

Closed OlhaPeculiar closed 2 months ago

OlhaPeculiar commented 2 months ago

When creating certificates, validation should be added to ensure the certificate names are unique, along with a user-friendly notification informing users that certificate names must be different.

https://github.com/user-attachments/assets/78fa88ee-845c-4f29-be51-a79e3d20488f

donskov commented 2 months ago

@OlhaPeculiar I'm not really sure, but the certificate names might be the same. This is not an error.

OlhaPeculiar commented 2 months ago

I cannot create a certificate with the same email, for example (for document/code signing, S/MIME) in Create Self-signed certificate. Look at the video; it could be a different error, but the user can't add Create Self-signed certificate for now @donskov

donskov commented 2 months ago

Ah, agree @OlhaPeculiar. @OleksandrSPV Please check why this happens and let's try to show the text of the error if it is informative.

OleksandrSPV commented 2 months ago

> Ah, agree @OlhaPeculiar. @OleksandrSPV Please check why this happens and let's try to show the text of the error if it is informative.

Sure, I'll check, thanks @OlhaPeculiar @donskov

microshine commented 2 months ago

Errors with codes starting with CKR_ (such as CKR_FUNCTION_FAILED) are coming from PKCS#11 modules. In these cases, we are unable to retrieve additional information because the modules only return the error code. Provider implementations may also vary: some may produce this error, while others may not, or may return a different error code altogether.

OleksandrSPV commented 2 months ago

@microshine and I realised that if we remove serialNumber: 01, the certificate is created successfully https://github.com/PeculiarVentures/fortify-webcomponents/blob/b5899f5eb228487961646eab9fc86919c1ed90f3/packages/client-core/src/fortify_api.ts#L719

https://github.com/PeculiarVentures/x509/blob/541460b83ad99096b45e888f47dda512809551e8/src/x509_cert_generator.ts#L133 @donskov Why do we use the same id (01)?

microshine commented 2 months ago

As far as I remember, macOS Keychain cannot store two certificates with the same name and serial number. If I'm not mistaken, I encountered this issue when creating SSL certificates for Fortify.

donskov commented 2 months ago

> @microshine and I realised that if we remove serialNumber: 01, the certificate is created successfully https://github.com/PeculiarVentures/fortify-webcomponents/blob/b5899f5eb228487961646eab9fc86919c1ed90f3/packages/client-core/src/fortify_api.ts#L719
>
> https://github.com/PeculiarVentures/x509/blob/541460b83ad99096b45e888f47dda512809551e8/src/x509_cert_generator.ts#L133 @donskov Why do we use the same id (01)?

I removed the static serial number value. Please update deps.
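An added example, not code from the Fortify or x509 repositories: a pre-flight check that flags certificates sharing an issuer name and serial number (the combination this thread traced the failure to), together with a random serial generator that follows RFC 5280's rule of a positive integer of at most 20 octets. The function names and the sample records are assumptions constructed for illustration.

```javascript
// Added example: these names are illustrative, not Fortify or @peculiar/x509 APIs.
// WebCrypto is a global in browsers and recent Node; older Node exposes it via node:crypto.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Random serial as hex: positive, non-zero, at most 20 octets (RFC 5280, section 4.1.2.2).
function randomSerialHex(octets = 16) {
  if (!Number.isInteger(octets) || octets < 8 || octets > 20) {
    throw new RangeError("serial length must be 8..20 octets");
  }
  const bytes = webcrypto.getRandomValues(new Uint8Array(octets));
  bytes[0] &= 0x7f; // clear the sign bit so the DER INTEGER stays positive
  if (bytes[0] === 0) bytes[0] = 0x01; // keep a fixed length and a non-zero value
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// "01" and "1" encode the same INTEGER, so compare serials without leading zeros.
function normalizeSerial(hex) {
  const s = hex.toLowerCase().replace(/^0+/, "");
  return s === "" ? "0" : s;
}

// Group certificates by (issuer, serial); any group with more than one entry is a
// collision that a store keyed on that pair can refuse to import.
function findSerialCollisions(certs) {
  const seen = new Map();
  for (const c of certs) {
    const key = `${c.issuer}|${normalizeSerial(c.serialNumber)}`;
    seen.set(key, [...(seen.get(key) ?? []), c.label]);
  }
  return [...seen.entries()]
    .filter(([, labels]) => labels.length > 1)
    .map(([key, labels]) => ({ key, labels }));
}

// Constructed sample: self-signed certificates (issuer equals subject) that were all
// generated with the fixed serial number 01 discussed above.
const constructed = [
  { label: "signing-1", issuer: "CN=user@example.com", serialNumber: "01" },
  { label: "signing-2", issuer: "CN=user@example.com", serialNumber: "01" },
  { label: "other", issuer: "CN=other@example.com", serialNumber: "01" },
];

// The two certificates for the same e-mail collide; the third has a different issuer.
console.log(findSerialCollisions(constructed));
// Re-issuing with random serials removes the collision.
const reissued = constructed.map((c) => ({ ...c, serialNumber: randomSerialHex() }));
console.log(findSerialCollisions(reissued).length);
```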

OleksandrSPV commented 2 months ago

@OlhaPeculiar Please check https://fortify-tools.vercel.app, thanks

OlhaPeculiar commented 2 months ago

Done