[foaf-protocols] getting the certificate to work on first useage
nathan at webr3.org
Thu May 20 13:23:43 CEST 2010
Story Henry wrote:
> Ok, I just tried it with Chromium on this very useful script
> Just after the test it shows:
> Certificate chain:
> - CN=TEST3Chrome,UID=http://webid.myxwiki.org/xwiki/bin/view/XWiki/test20101\#me,OU=The Community Of Self Signers,O=FOAF\+SSL
> Verified URIs:
> So it looks like the certificate is sent, but not verified on first attempt.
> This seems to rule out a problem with the browser, and we should look more at foafssl.org server server or perhaps xwiki.
I've done some testing, and the issue appears to be specific to IDP.
To be specific, after some intensive testing; the issue seems to be
specific to IDP, and time related, if I create a new certificate and
immediately try and use it on IDP i get a fail, try and use it on other
test sites and I get success. Moreover and more specifically, the issue
seems to be time dependent, certificate failed several times in quick
succession, then I went for a smoke, came back and it worked (withuot
doing anything but refreshing).
Thus if I was trying to fix this, my first point of call would be to
check that IDP wasn't caching responses from xwiki for a couple of minutes.
Best & hope that helps you squash it,
ps: One more check and I could have confirmed this 100%, but had to stop
because xwiki appears to have suddenly lost the create certificate
option from the profile pages in the last couple of minutes.
More information about the foaf-protocols