[foaf-protocols] getting the certificate to work on first useage

Nathan nathan at webr3.org
Thu May 20 13:23:43 CEST 2010

Story Henry wrote:
> Ok, I just tried it with Chromium on  this very useful script 
>    https://foafssl.org/srv/test.jsp
> Just after the test it shows:
> Certificate chain:
>  - CN=TEST3Chrome,UID=http://webid.myxwiki.org/xwiki/bin/view/XWiki/test20101\#me,OU=The Community Of Self Signers,O=FOAF\+SSL
> Verified URIs:
> So it looks like the certificate is sent, but not verified on first attempt.
> This seems to rule out a problem with the browser, and we should look more at foafssl.org server server or perhaps xwiki.


I've done some testing, and the issue appears to be specific to IDP.

To be specific, after some intensive testing; the issue seems to be 
specific to IDP, and time related, if I create a new certificate and 
immediately try and use it on IDP i get a fail, try and use it on other 
test sites and I get success. Moreover and more specifically, the issue 
seems to be time dependent, certificate failed several times in quick 
succession, then I went for a smoke, came back and it worked (withuot 
doing anything but refreshing).

Thus if I was trying to fix this, my first point of call would be to 
check that IDP wasn't caching responses from xwiki for a couple of minutes.

Best & hope that helps you squash it,


ps: One more check and I could have confirmed this 100%, but had to stop 
because xwiki appears to have suddenly lost the create certificate 
option from the profile pages in the last couple of minutes.

More information about the foaf-protocols mailing list