Skip to content

Chromium: net::ERR_CERT_INVALID #2051

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
LemmingZwerg1 opened this issue Nov 21, 2024 · 7 comments
Closed

Chromium: net::ERR_CERT_INVALID #2051

LemmingZwerg1 opened this issue Nov 21, 2024 · 7 comments

Comments

@LemmingZwerg1
Copy link
Contributor

Hi,
im using phpseclib for issuing self signed certificates for my local systems.

The Problem

Since some days i have noticed some problems using chromium based browsers with only one of my websites. (Firefox works as expected on this site.) If i open this site on chromium based browsers, i got the error message: net::ERR_CERT_INVALID. This specific certificate was issued by an ECC Certificate Authority and used and RSA 2048 bit key.

Detailed Analyse of the Problem

For the further analysis it is important to know something about my local setup. For Web-Certificates i issued an intermediate CA by one of my root certificate authorities. The keytype of both authorities is ecc. I use rarely chrome based browsers since i switched to firefox on all my devices. The device/system where i use this certificate only supports RSA certificates.

I started my investigation with reading the changelog of chromium, but unfortunatelly i haven't found an acceptable answer or change which describes this behaviour. (Maybe someone other knows sth about it?)
Next i took a closer look to the certificate and have found one big differnence to a working one (issued from the same intermediate CA): ECC (works like a charm) vs RSA (does not work).

So the chain for the working certificate:
Root CA (ECC) -> Intermediate CA (ECC) -> working.site.example.com (ECC)

And the Chain for the not working certificate:
Root CA (ECC) -> Intermediate CA (ECC) -> error.site.example.com (RSA)

And therefor the "Public Key Algorithm" differences for the two certificates: "rsaEncryption" vs. "id-ecPublicKey"

So I used my test instance too reproduce this specific behaviour:

I created one Root Certificate Authority:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:ef:b4:85:31:d8:ca:52:e8:17:01:f4:1c:98:55:80
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: C=DE, O=Lemmi Trust Services, CN=LTS Testing Root G3
        Validity
            Not Before: Nov 20 23:00:00 2024 GMT
            Not After : Nov 20 23:00:00 2049 GMT
        Subject: C=DE, O=Lemmi Trust Services, CN=LTS Testing Root G3
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub:
                    04:f6:7b:6c:4d:7c:17:af:c0:ee:14:ad:3e:33:57:
                    a4:6d:b0:99:60:58:1b:68:8d:35:2d:bf:a8:95:f7:
                    7d:08:31:1f:8f:c3:79:25:21:23:48:9e:f8:a1:10:
                    6a:d2:8c:59:fa:0c:d9:0f:42:d6:c9:a6:2a:e5:17:
                    45:53:13:62:ef:4c:a4:90:52:d6:3c:33:31:c1:26:
                    b0:46:b9:3a:55:8b:48:1f:2d:5c:21:24:f7:14:29:
                    af:1d:83:dd:08:69:20
                ASN1 OID: secp384r1
                NIST CURVE: P-384
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                5D:77:2E:35:6D:7C:FD:A0:4C:8F:A8:0B:98:49:F2:F6:C1:85:1F:C9
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Authority Key Identifier: 
                5D:77:2E:35:6D:7C:FD:A0:4C:8F:A8:0B:98:49:F2:F6:C1:85:1F:C9
    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:
        30:65:02:30:11:d3:6e:5b:09:27:0f:cd:56:30:66:8d:b7:66:
        11:d6:a7:8e:9f:ac:36:4c:48:ec:a5:12:e8:32:dc:61:a0:cd:
        9c:26:7c:69:d1:cf:47:06:29:56:ef:cb:e7:24:cf:86:02:31:
        00:80:57:2c:db:2c:7b:3f:a4:88:9c:3e:4e:17:57:7e:b1:34:
        5f:15:ea:e4:58:68:5f:b0:50:4d:67:04:1b:36:16:aa:c1:db:
        90:be:df:a1:a3:7b:09:85:09:0a:fb:4a:5d
-----BEGIN CERTIFICATE-----
MIICMjCCAbigAwIBAgIQHO+0hTHYylLoFwH0HJhVgDAKBggqhkjOPQQDAzBKMQsw
CQYDVQQGDAJERTEdMBsGA1UECgwUTGVtbWkgVHJ1c3QgU2VydmljZXMxHDAaBgNV
BAMME0xUUyBUZXN0aW5nIFJvb3QgRzMwHhcNMjQxMTIwMjMwMDAwWhcNNDkxMTIw
MjMwMDAwWjBKMQswCQYDVQQGDAJERTEdMBsGA1UECgwUTGVtbWkgVHJ1c3QgU2Vy
dmljZXMxHDAaBgNVBAMME0xUUyBUZXN0aW5nIFJvb3QgRzMwdjAQBgcqhkjOPQIB
BgUrgQQAIgNiAAT2e2xNfBevwO4UrT4zV6RtsJlgWBtojTUtv6iV930IMR+Pw3kl
ISNInvihEGrSjFn6DNkPQtbJpirlF0VTE2LvTKSQUtY8MzHBJrBGuTpVi0gfLVwh
JPcUKa8dg90IaSCjYzBhMB0GA1UdDgQWBBRddy41bXz9oEyPqAuYSfL2wYUfyTAO
BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRddy41
bXz9oEyPqAuYSfL2wYUfyTAKBggqhkjOPQQDAwNoADBlAjAR025bCScPzVYwZo23
ZhHWp46frDZMSOylEugy3GGgzZwmfGnRz0cGKVbvy+ckz4YCMQCAVyzbLHs/pIic
Pk4XV36xNF8V6uRYaF+wUE1nBBs2FqrB25C+36GjewmFCQr7Sl0=
-----END CERTIFICATE-----

And I issued one Intermediate Certificate Authority and setup this as them in my production PKI:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:1f:de:8c:ce:a8:46:fd:06:fe:3e:f6:7b:0b:c7:95
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: C=DE, O=Lemmi Trust Services, CN=LTS Testing Root G3
        Validity
            Not Before: Nov 20 23:00:00 2024 GMT
            Not After : Nov 20 23:00:00 2029 GMT
        Subject: C=DE, O=LemmiSign, CN=LemmiSign Testing TLS-DV 3
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub:
                    04:7e:ba:b0:df:9a:5a:e4:9c:c7:fa:87:27:e1:e5:
                    96:a5:37:eb:6a:78:23:23:1b:63:88:13:4c:38:46:
                    41:da:c1:10:7f:92:0d:8d:cd:b4:11:e0:a7:bb:0c:
                    16:6b:bd:fa:ee:6d:da:28:31:67:c3:f1:2b:77:fa:
                    b0:ac:36:8e:78:41:f3:f8:1d:2b:48:b0:02:3d:31:
                    36:95:bf:f2:5a:9e:00:e2:75:fb:88:30:ec:4d:f6:
                    ff:ae:4c:3a:13:f0:2f
                ASN1 OID: secp384r1
                NIST CURVE: P-384
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                D3:12:5C:D6:D1:08:E7:92:FB:38:61:3D:4F:7E:C7:16:93:04:16:D4
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication, TLS Web Server Authentication
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Authority Key Identifier: 
                5D:77:2E:35:6D:7C:FD:A0:4C:8F:A8:0B:98:49:F2:F6:C1:85:1F:C9
            Authority Information Access: 
                OCSP - URI:http://ocsp01.testing.lemmi.org/
                CA Issuers - URI:http://cacerts.testing.lemmi.org/LTS_Testing_Root_G3.crt
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl01.testing.lemmi.org/LTS_Testing_Root_G3.crl
    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:
        30:64:02:30:3f:ef:09:cb:e7:0b:c6:56:cb:dc:ec:c2:d9:4f:
        ae:a8:ab:84:eb:54:b8:1e:ee:2d:11:0c:be:e5:67:cc:04:f4:
        f2:69:44:48:9c:75:67:79:c4:e6:17:91:08:a3:4a:8f:02:30:
        77:5e:8a:93:63:13:af:a9:72:6f:b2:f7:65:8b:44:61:b9:a1:
        e8:e8:0a:39:7b:b3:e6:e8:e0:18:b2:78:ae:39:49:fb:7b:c7:
        e2:2d:d8:ff:71:b1:4d:45:f2:c8:73:d5
-----BEGIN CERTIFICATE-----
MIIDITCCAqigAwIBAgIQFh/ejM6oRv0G/j72ewvHlTAKBggqhkjOPQQDAzBKMQsw
CQYDVQQGDAJERTEdMBsGA1UECgwUTGVtbWkgVHJ1c3QgU2VydmljZXMxHDAaBgNV
BAMME0xUUyBUZXN0aW5nIFJvb3QgRzMwHhcNMjQxMTIwMjMwMDAwWhcNMjkxMTIw
MjMwMDAwWjBGMQswCQYDVQQGDAJERTESMBAGA1UECgwJTGVtbWlTaWduMSMwIQYD
VQQDDBpMZW1taVNpZ24gVGVzdGluZyBUTFMtRFYgMzB2MBAGByqGSM49AgEGBSuB
BAAiA2IABH66sN+aWuScx/qHJ+HllqU362p4IyMbY4gTTDhGQdrBEH+SDY3NtBHg
p7sMFmu9+u5t2igxZ8PxK3f6sKw2jnhB8/gdK0iwAj0xNpW/8lqeAOJ1+4gw7E32
/65MOhPwL6OCAVUwggFRMB0GA1UdDgQWBBTTElzW0Qjnkvs4YT1PfscWkwQW1DAO
BgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIG
A1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0jBBgwFoAUXXcuNW18/aBMj6gLmEny9sGF
H8kwgYIGCCsGAQUFBwEBBHYwdDAsBggrBgEFBQcwAYYgaHR0cDovL29jc3AwMS50
ZXN0aW5nLmxlbW1pLm9yZy8wRAYIKwYBBQUHMAKGOGh0dHA6Ly9jYWNlcnRzLnRl
c3RpbmcubGVtbWkub3JnL0xUU19UZXN0aW5nX1Jvb3RfRzMuY3J0MEcGA1UdHwRA
MD4wPKA6oDiGNmh0dHA6Ly9jcmwwMS50ZXN0aW5nLmxlbW1pLm9yZy9MVFNfVGVz
dGluZ19Sb290X0czLmNybDAKBggqhkjOPQQDAwNnADBkAjA/7wnL5wvGVsvc7MLZ
T66oq4TrVLge7i0RDL7lZ8wE9PJpREicdWd5xOYXkQijSo8CMHdeipNjE6+pcm+y
92WLRGG5oejoCjl7s+bo4BiyeK45Sft7x+It2P9xsU1F8shz1Q==
-----END CERTIFICATE-----

Then i issued two Subscribe Certificates:

One with key type RSA (Lets call this one "Test Certificate RSA"):

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:cc:90:97:b4:d5:76:a8:28:8f:a1:a6:42:1d:e3:a1
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=DE, O=LemmiSign, CN=LemmiSign Testing TLS-DV 3
        Validity
            Not Before: Nov 20 23:00:00 2024 GMT
            Not After : Dec 20 23:00:00 2025 GMT
        Subject: C=DE, O=Lemmi Networks, OU=Test Certificate RSA, CN=localhost
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:99:28:35:66:8c:91:62:f0:3b:aa:64:29:2c:c3:
                    9f:fe:b4:94:b4:eb:90:11:49:af:6f:05:c2:0c:c9:
                    e9:f9:9a:c3:cd:a4:1c:5f:85:07:b7:9f:e4:ea:27:
                    21:ba:08:4e:1d:99:6f:91:02:33:ee:fc:50:c9:08:
                    c9:58:8c:4c:38:31:43:63:72:c1:a6:1b:10:c4:e4:
                    66:28:04:6b:aa:ba:42:4c:98:f8:21:4a:8c:6a:ad:
                    50:b7:2d:74:a0:a6:ae:ce:c2:3f:db:88:3a:f5:6f:
                    3a:90:36:cc:c6:74:17:c8:5e:c8:bf:5b:9b:0b:61:
                    b5:93:c8:58:9b:15:d8:20:8b:2e:86:bd:6d:c2:f4:
                    fa:38:5e:e6:e8:56:ec:b6:65:33:58:bc:bf:7e:47:
                    53:f9:11:89:39:1b:f1:ec:6e:3d:e7:99:6a:17:f0:
                    f6:3c:38:ec:c3:47:cc:0f:d3:15:5f:a1:4f:d5:03:
                    9a:95:d9:7e:a0:7e:c7:d8:7a:73:62:97:5f:3b:b5:
                    8d:8c:f8:4d:14:92:12:a8:14:68:84:2f:d9:37:81:
                    db:69:3e:4c:9a:05:38:f7:25:fd:b4:c1:e5:e1:f8:
                    c4:b3:f5:da:6e:40:49:65:eb:2c:9b:c0:b7:ac:6a:
                    36:91:0c:ce:b0:9a:80:f6:cb:26:b2:ad:40:76:89:
                    11:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                14:1A:29:3B:E7:84:88:54:89:0C:F8:88:1C:CF:D8:80:28:58:55:F0
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 Subject Alternative Name: 
                DNS:localhost
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier: 
                D3:12:5C:D6:D1:08:E7:92:FB:38:61:3D:4F:7E:C7:16:93:04:16:D4
            Authority Information Access: 
                OCSP - URI:http://ocsp01.testing.lemmi.org
                CA Issuers - URI:http://cacerts.testing.lemmi.org/LemmiSign_Testing_TLS_DV_3.crt
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl01.testing.lemmi.org/LemmiSign_Testing_TLS_DV_3.crl
    Signature Algorithm: ecdsa-with-SHA256
    Signature Value:
        30:65:02:31:00:89:c4:eb:39:6a:ee:b3:f6:eb:36:2a:9a:0b:
        1e:11:aa:71:6e:ca:42:e8:6f:fb:2f:b4:ee:3c:f8:df:47:82:
        b8:f9:43:94:e9:f7:a5:46:70:7f:d4:66:b7:eb:de:b9:9c:02:
        30:7c:56:70:e7:7f:0d:3a:e8:df:b5:c0:67:d9:b1:0c:84:bf:
        88:c1:76:1c:c7:a2:be:fd:c6:d9:5f:9b:2d:25:d4:e6:e3:21:
        d0:95:41:c6:37:57:33:b5:d8:12:85:3c:ab
-----BEGIN CERTIFICATE-----
MIID9jCCA3qgAwIBAgIQHsyQl7TVdqgoj6GmQh3joTAMBggqhkjOPQQDAgUAMEYx
CzAJBgNVBAYMAkRFMRIwEAYDVQQKDAlMZW1taVNpZ24xIzAhBgNVBAMMGkxlbW1p
U2lnbiBUZXN0aW5nIFRMUy1EViAzMB4XDTI0MTEyMDIzMDAwMFoXDTI1MTIyMDIz
MDAwMFowWTELMAkGA1UEBgwCREUxFzAVBgNVBAoMDkxlbW1pIE5ldHdvcmtzMR0w
GwYDVQQLDBRUZXN0IENlcnRpZmljYXRlIFJTQTESMBAGA1UEAwwJbG9jYWxob3N0
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSg1ZoyRYvA7qmQpLMOf
/rSUtOuQEUmvbwXCDMnp+ZrDzaQcX4UHt5/k6ichughOHZlvkQIz7vxQyQjJWIxM
ODFDY3LBphsQxORmKARrqrpCTJj4IUqMaq1Qty10oKauzsI/24g69W86kDbMxnQX
yF7Iv1ubC2G1k8hYmxXYIIsuhr1twvT6OF7m6FbstmUzWLy/fkdT+RGJORvx7G49
55lqF/D2PDjsw0fMD9MVX6FP1QOaldl+oH7H2HpzYpdfO7WNjPhNFJISqBRohC/Z
N4HbaT5MmgU49yX9tMHl4fjEs/XabkBJZessm8C3rGo2kQzOsJqA9ssmsq1AdokR
hQIDAQABo4IBaDCCAWQwHQYDVR0OBBYEFBQaKTvnhIhUiQz4iBzP2IAoWFXwMA4G
A1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAUBgNVHREEDTALggls
b2NhbGhvc3QwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBTTElzW0Qjnkvs4YT1P
fscWkwQW1DCBiAYIKwYBBQUHAQEEfDB6MCsGCCsGAQUFBzABhh9odHRwOi8vb2Nz
cDAxLnRlc3RpbmcubGVtbWkub3JnMEsGCCsGAQUFBzAChj9odHRwOi8vY2FjZXJ0
cy50ZXN0aW5nLmxlbW1pLm9yZy9MZW1taVNpZ25fVGVzdGluZ19UTFNfRFZfMy5j
cnQwTgYDVR0fBEcwRTBDoEGgP4Y9aHR0cDovL2NybDAxLnRlc3RpbmcubGVtbWku
b3JnL0xlbW1pU2lnbl9UZXN0aW5nX1RMU19EVl8zLmNybDAMBggqhkjOPQQDAgUA
A2gAMGUCMQCJxOs5au6z9us2KpoLHhGqcW7KQuhv+y+07jz430eCuPlDlOn3pUZw
f9Rmt+veuZwCMHxWcOd/DTro37XAZ9mxDIS/iMF2HMeivv3G2V+bLSXU5uMh0JVB
xjdXM7XYEoU8qw==
-----END CERTIFICATE-----

And one with key type ECC (Lets call this one "Test Certificate ECC"):

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:9a:f3:a9:9d:85:da:62:54:fd:65:f3:9f:ad:fb:5f
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=DE, O=LemmiSign, CN=LemmiSign Testing TLS-DV 3
        Validity
            Not Before: Nov 20 23:00:00 2024 GMT
            Not After : Dec 20 23:00:00 2025 GMT
        Subject: C=DE, O=Lemmi Networks, OU=Test Certificate ECC, CN=localhost
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:d6:c2:fd:2c:dd:4b:cb:9c:77:76:5d:f1:52:7b:
                    93:d2:30:36:dd:48:87:41:00:cc:ea:04:db:71:9d:
                    1f:41:21:b3:26:5c:d5:d1:5a:57:57:e9:e8:a5:cd:
                    4e:e5:20:ec:5d:03:40:67:e9:5e:a1:00:3a:59:71:
                    42:ce:19:f1:32
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                EF:FE:7B:19:DF:83:1E:35:35:4E:8C:BD:F8:17:5A:07:D0:2C:6C:30
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 Subject Alternative Name: 
                DNS:localhost
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier: 
                D3:12:5C:D6:D1:08:E7:92:FB:38:61:3D:4F:7E:C7:16:93:04:16:D4
            Authority Information Access: 
                OCSP - URI:http://ocsp01.testing.lemmi.org
                CA Issuers - URI:http://cacerts.testing.lemmi.org/LemmiSign_Testing_TLS_DV_3.crt
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl01.testing.lemmi.org/LemmiSign_Testing_TLS_DV_3.crl
    Signature Algorithm: ecdsa-with-SHA256
    Signature Value:
        30:65:02:31:00:c2:3c:22:0f:c7:b4:a4:a2:2a:8e:58:5d:62:
        50:f4:b3:b8:7d:1b:b8:be:58:2f:52:5d:d0:6c:9b:4b:0d:c5:
        da:12:b1:59:5c:87:81:e9:9c:8c:06:38:4f:9f:fa:8f:dd:02:
        30:4b:a6:39:18:2a:e1:94:f6:06:89:10:1f:3d:36:fe:a8:7a:
        ef:49:b6:60:6a:75:56:37:19:fe:c7:3f:07:aa:cf:ad:11:26:
        79:16:76:51:d8:c5:47:ed:00:b6:3e:9d:d9
-----BEGIN CERTIFICATE-----
MIIDJzCCAq2gAwIBAgIQEprzqZ2F2mJU/WXzn637XzAKBggqhkjOPQQDAjBGMQsw
CQYDVQQGDAJERTESMBAGA1UECgwJTGVtbWlTaWduMSMwIQYDVQQDDBpMZW1taVNp
Z24gVGVzdGluZyBUTFMtRFYgMzAeFw0yNDExMjAyMzAwMDBaFw0yNTEyMjAyMzAw
MDBaMFkxCzAJBgNVBAYMAkRFMRcwFQYDVQQKDA5MZW1taSBOZXR3b3JrczEdMBsG
A1UECwwUVGVzdCBDZXJ0aWZpY2F0ZSBFQ0MxEjAQBgNVBAMMCWxvY2FsaG9zdDBZ
MBMGByqGSM49AgEGCCqGSM49AwEHA0IABNbC/SzdS8ucd3Zd8VJ7k9IwNt1Ih0EA
zOoE23GdH0EhsyZc1dFaV1fp6KXNTuUg7F0DQGfpXqEAOllxQs4Z8TKjggFoMIIB
ZDAdBgNVHQ4EFgQU7/57Gd+DHjU1Toy9+BdaB9AsbDAwDgYDVR0PAQH/BAQDAgeA
MBMGA1UdJQQMMAoGCCsGAQUFBwMBMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAMBgNV
HRMBAf8EAjAAMB8GA1UdIwQYMBaAFNMSXNbRCOeS+zhhPU9+xxaTBBbUMIGIBggr
BgEFBQcBAQR8MHowKwYIKwYBBQUHMAGGH2h0dHA6Ly9vY3NwMDEudGVzdGluZy5s
ZW1taS5vcmcwSwYIKwYBBQUHMAKGP2h0dHA6Ly9jYWNlcnRzLnRlc3RpbmcubGVt
bWkub3JnL0xlbW1pU2lnbl9UZXN0aW5nX1RMU19EVl8zLmNydDBOBgNVHR8ERzBF
MEOgQaA/hj1odHRwOi8vY3JsMDEudGVzdGluZy5sZW1taS5vcmcvTGVtbWlTaWdu
X1Rlc3RpbmdfVExTX0RWXzMuY3JsMAoGCCqGSM49BAMCA2gAMGUCMQDCPCIPx7Sk
oiqOWF1iUPSzuH0buL5YL1Jd0GybSw3F2hKxWVyHgemcjAY4T5/6j90CMEumORgq
4ZT2BokQHz02/qh670m2YGp1VjcZ/sc/B6rPrREmeRZ2UdjFR+0Atj6d2Q==
-----END CERTIFICATE-----

Since this is only a fresh testing certificate authority and is not in production use, i leak the two private keys (and for better reproducing this behaviour ;) ):
"Test Certificate RSA":

-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCZKDVmjJFi8Duq
ZCksw5/+tJS065ARSa9vBcIMyen5msPNpBxfhQe3n+TqJyG6CE4dmW+RAjPu/FDJ
CMlYjEw4MUNjcsGmGxDE5GYoBGuqukJMmPghSoxqrVC3LXSgpq7Owj/biDr1bzqQ
NszGdBfIXsi/W5sLYbWTyFibFdggiy6GvW3C9Po4XuboVuy2ZTNYvL9+R1P5EYk5
G/Hsbj3nmWoX8PY8OOzDR8wP0xVfoU/VA5qV2X6gfsfYenNil187tY2M+E0UkhKo
FGiEL9k3gdtpPkyaBTj3Jf20weXh+MSz9dpuQEll6yybwLesajaRDM6wmoD2yyay
rUB2iRGFAgMBAAECggEAGXB3UOhKVy+7XrWyV9Af6YkJ0PShAm4bKLVrzP9WJh08
fBIlRaxtYrpj+zddam6/YuU92yKNiRr55C/ZxHkmnogi6bLW/YXYsYuVIv0mURO3
uCIJx6XVUFF8wGBZfecRzsqvHAIzINnv1U0fkwXCKYhXjzQNEG/otCT+qraPJqBq
/IFVnLuZxWzFUxEpUU0aA6bs2WwHhduy/3X+dEZOfQabrIwmmIy8r/5CSyxGa4Gd
AOCMO939PAzibRMAc0Zu1uzd5hXBPhzAksbHHllwZdb3B7J+oe/7Vi6PUGmYo+nN
9+qEXDR+ir/rVK7ppDebAozxpZHEMopKQaIVrjgR5QKBgQDX3eJVci7jIbZu6jDP
Ef/CmTl+AQHxyLsZNrL6ga+FfkpCNPNlB418XzhWcv6w5G35fsxYDeXEsXDiW7XQ
ekUP+RYubAn7OZKayDytbCl6ZCck9OvsuR5Ol9TtT6lne0zVys7+JtAACo8d4cbd
QUiIJ9CMofvulT+ORG2fOZRHJwKBgQC1oazxlsmHC5ee4tmG6uoT4HQvaYL57poZ
jHi9mwAAccfsanweFqNl/qnZxxmi+LP41C8w3iUiKzVY1wxb9SIeyG8sYzfhroTt
fqtbPiQUGuKRC+iuPkQxnh4lQ1vGbhOvl+uBJhQ7C3wF9sMa/lndxV5ughY5iqpU
TaFMDULtcwKBgQDRAyaDVWvQwHPEMT3RQbxCz9m7B366fYGriCsEI02wE/gS4vJI
gGeeZRRHoFC7NnLFgOCa4dn3+Vcz1VjV4427SZMQn8uKVNR+yiL2SCRhPVgpkHxf
WV7e+mRQ4zFD4T8kQprpuurrH04zwMissuln7CUiBjXJbPl85wS9hyLrQQKBgA9v
IqQQ3SUlnge5XSSy15tCynyw6ZlVZjDfl+78ud5PzN5RGiTwZYgoQMSpv4ryuVBe
r3fmmJ8zrr/S3lD+Hp0hCRlrgPcjflY0GlmRiT1QH4qVyXrs/Zx9xDAEbksJVZDp
RvDdjICL9EkJdADaNka7G9AmK79OAjVRt3Af/FzzAoGBALuP3CWss2dGcLXtsns+
A7Kus8Pqwp0twFmzONlpizBGKzdiG3vkma6OHqeZ0r31qcxeKmGhUN2bacFIrOBb
OSXdO6X6DNbFxNVqiuuWO72/yRz40VgZQ17KddknY7EMWw2Dh7El56hKn/sKD9oy
MRx119+pk0R7yABu0IG4h3cj
-----END PRIVATE KEY-----

"Test Certificate ECC":

-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgRgiVSfIomn7C8jdK
T4W6fSR+FG0R5IM0e1x7ZI3TMkShRANCAATWwv0s3UvLnHd2XfFSe5PSMDbdSIdB
AMzqBNtxnR9BIbMmXNXRWldX6eilzU7lIOxdA0Bn6V6hADpZcULOGfEy
-----END PRIVATE KEY-----

Furthermore i installed a debian virtual machine and imported in chromium (Version 130.0.6723.116) the previously created root certificate authority. I installed nginx for checking if my subscriber certificates are working.

Our "Test Certificate ECC" works as expected on this setup (Lock-Symbol is not RED):
grafik

Compared too our "Test Certificate RSA" which does not work (Lock-Symbol is RED):
grafik

=> so we are able to reproduce this specific behaviour. All extensions on both Test Certificates are identical so we can previously exclude this as an reason.

Next I linted both certificates using x509lint:

"Test Certificate RSA":

E: Subject with organizationName, givenName or surname but without stateOrProvince or localityName
E: Name entry contains an invalid type
E: No policy extension
E: Algorithm parameter present

"Test Certificate ECC":

E: Subject with organizationName, givenName or surname but without stateOrProvince or localityName
E: Name entry contains an invalid type
E: No policy extension

It seems like my application is not setting Subject->Country in the correct encoding, but we can exclude every message which occours on both certificates, so only one leaves on the "Test Certificate RSA": E: Algorithm parameter present.

If we take a closer look into the ASN.1 structure of the "Test Certificate RSA", we can explore this ($ openssl asn1parse -in file.crt):

    0:d=0  hl=4 l=1014 cons: SEQUENCE
    4:d=1  hl=4 l= 890 cons: SEQUENCE
    8:d=2  hl=2 l=   3 cons: cont [ 0 ]
   10:d=3  hl=2 l=   1 prim: INTEGER           :02
   13:d=2  hl=2 l=  16 prim: INTEGER           :1ECC9097B4D576A8288FA1A6421DE3A1
   31:d=2  hl=2 l=  12 cons: SEQUENCE
   33:d=3  hl=2 l=   8 prim: OBJECT            :ecdsa-with-SHA256
   43:d=3  hl=2 l=   0 prim: NULL
   45:d=2  hl=2 l=  70 cons: SEQUENCE
   47:d=3  hl=2 l=  11 cons: SET
   49:d=4  hl=2 l=   9 cons: SEQUENCE
   51:d=5  hl=2 l=   3 prim: OBJECT            :countryName
   56:d=5  hl=2 l=   2 prim: UTF8STRING        :DE
   60:d=3  hl=2 l=  18 cons: SET
   62:d=4  hl=2 l=  16 cons: SEQUENCE
   64:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   69:d=5  hl=2 l=   9 prim: UTF8STRING        :LemmiSign
   80:d=3  hl=2 l=  35 cons: SET
   82:d=4  hl=2 l=  33 cons: SEQUENCE
   84:d=5  hl=2 l=   3 prim: OBJECT            :commonName
   89:d=5  hl=2 l=  26 prim: UTF8STRING        :LemmiSign Testing TLS-DV 3
  117:d=2  hl=2 l=  30 cons: SEQUENCE
  119:d=3  hl=2 l=  13 prim: UTCTIME           :241120230000Z
  134:d=3  hl=2 l=  13 prim: UTCTIME           :251220230000Z
  149:d=2  hl=2 l=  89 cons: SEQUENCE
  151:d=3  hl=2 l=  11 cons: SET
  153:d=4  hl=2 l=   9 cons: SEQUENCE
  155:d=5  hl=2 l=   3 prim: OBJECT            :countryName
  160:d=5  hl=2 l=   2 prim: UTF8STRING        :DE
  164:d=3  hl=2 l=  23 cons: SET
  166:d=4  hl=2 l=  21 cons: SEQUENCE
  168:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
  173:d=5  hl=2 l=  14 prim: UTF8STRING        :Lemmi Networks
  189:d=3  hl=2 l=  29 cons: SET
  191:d=4  hl=2 l=  27 cons: SEQUENCE
  193:d=5  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
  198:d=5  hl=2 l=  20 prim: UTF8STRING        :Test Certificate RSA
  220:d=3  hl=2 l=  18 cons: SET
  222:d=4  hl=2 l=  16 cons: SEQUENCE
  224:d=5  hl=2 l=   3 prim: OBJECT            :commonName
  229:d=5  hl=2 l=   9 prim: UTF8STRING        :localhost
  240:d=2  hl=4 l= 290 cons: SEQUENCE
  244:d=3  hl=2 l=  13 cons: SEQUENCE
  246:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
  257:d=4  hl=2 l=   0 prim: NULL
  259:d=3  hl=4 l= 271 prim: BIT STRING
  534:d=2  hl=4 l= 360 cons: cont [ 3 ]
  538:d=3  hl=4 l= 356 cons: SEQUENCE
  542:d=4  hl=2 l=  29 cons: SEQUENCE
  544:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
  549:d=5  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:0414141A293BE7848854890CF8881CCFD880285855F0
  573:d=4  hl=2 l=  14 cons: SEQUENCE
  575:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
  580:d=5  hl=2 l=   1 prim: BOOLEAN           :255
  583:d=5  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:03020780
  589:d=4  hl=2 l=  19 cons: SEQUENCE
  591:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
  596:d=5  hl=2 l=  12 prim: OCTET STRING      [HEX DUMP]:300A06082B06010505070301
  610:d=4  hl=2 l=  20 cons: SEQUENCE
  612:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
  617:d=5  hl=2 l=  13 prim: OCTET STRING      [HEX DUMP]:300B82096C6F63616C686F7374
  632:d=4  hl=2 l=  12 cons: SEQUENCE
  634:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
  639:d=5  hl=2 l=   1 prim: BOOLEAN           :255
  642:d=5  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
  646:d=4  hl=2 l=  31 cons: SEQUENCE
  648:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
  653:d=5  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014D3125CD6D108E792FB38613D4F7EC716930416D4
  679:d=4  hl=3 l= 136 cons: SEQUENCE
  682:d=5  hl=2 l=   8 prim: OBJECT            :Authority Information Access
  692:d=5  hl=2 l= 124 prim: OCTET STRING      [HEX DUMP]:307A302B06082B06010505073001861F687474703A2F2F6F63737030312E74657374696E672E6C656D6D692E6F7267304B06082B06010505073002863F687474703A2F2F636163657274732E74657374696E672E6C656D6D692E6F72672F4C656D6D695369676E5F54657374696E675F544C535F44565F332E637274
  818:d=4  hl=2 l=  78 cons: SEQUENCE
  820:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points
  825:d=5  hl=2 l=  71 prim: OCTET STRING      [HEX DUMP]:30453043A041A03F863D687474703A2F2F63726C30312E74657374696E672E6C656D6D692E6F72672F4C656D6D695369676E5F54657374696E675F544C535F44565F332E63726C
  898:d=1  hl=2 l=  12 cons: SEQUENCE
  900:d=2  hl=2 l=   8 prim: OBJECT            :ecdsa-with-SHA256
  910:d=2  hl=2 l=   0 prim: NULL
  912:d=1  hl=2 l= 104 prim: BIT STRING

Combined to the previous x509lint message, we have to take a closer look at this lines:

...
   33:d=3  hl=2 l=   8 prim: OBJECT            :ecdsa-with-SHA256
   43:d=3  hl=2 l=   0 prim: NULL
...
  900:d=2  hl=2 l=   8 prim: OBJECT            :ecdsa-with-SHA256
  910:d=2  hl=2 l=   0 prim: NULL
...

It seems like, phpseclib sets the the parameter to null. If i take a closer look into the code, i am able to find the following in vendor/phpseclib/phpseclib/phpseclib/File/X509.php#505:

...
  public function saveX509(array $cert, $format = self::FORMAT_PEM)
    {
        if (!is_array($cert) || !isset($cert['tbsCertificate'])) {
            return false;
        }

        switch (true) {
            // "case !$a: case !$b: break; default: whatever();" is the same thing as "if ($a && $b) whatever()"
            case !($algorithm = $this->subArray($cert, 'tbsCertificate/subjectPublicKeyInfo/algorithm/algorithm')):
            case is_object($cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']):
                break;
            default:
                $cert['tbsCertificate']['subjectPublicKeyInfo'] = new Element(
                    base64_decode(preg_replace('#-.+-|[\r\n]#', '', $cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']))
                );
        }

        if ($algorithm == 'rsaEncryption') {
            $cert['signatureAlgorithm']['parameters'] = null;
            $cert['tbsCertificate']['signature']['parameters'] = null;
        }
.....

If the algorithm is rsaEncryption phpseclib is setting the parameters to null. (IF-Statement lines 522-525)

For testing purposes i commented this if-statement out and created an new certificate (lets call this one "Test Certificate RSA Working"):

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:59:80:22:90:24:eb:eb:54:bb:83:69:90:d9:4c:61
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=DE, O=LemmiSign, CN=LemmiSign Testing TLS-DV 3
        Validity
            Not Before: Nov 20 23:00:00 2024 GMT
            Not After : Dec 20 23:00:00 2025 GMT
        Subject: C=DE, O=Lemmi Networks, OU=Test Certificate RSA Working, CN=localhost
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b8:b8:3a:67:7a:7f:05:bd:b5:2e:6a:e1:1e:e4:
                    d3:cb:38:38:32:b0:e9:f7:fa:75:63:4f:dd:f2:da:
                    36:0a:c1:15:5d:bf:bd:f0:da:26:97:8c:b4:74:cb:
                    84:bc:ce:8f:f3:21:a3:25:a2:8d:14:c1:4b:25:13:
                    cf:ab:ae:7b:3b:c5:f3:03:b6:97:49:d4:89:c3:d0:
                    05:5d:52:70:db:4d:01:50:56:85:51:61:f1:b0:82:
                    b8:60:a1:81:d6:4f:b5:86:49:34:fc:8a:4a:60:5f:
                    0a:54:9a:17:27:00:36:01:a8:d6:5e:b5:fa:43:34:
                    4a:0d:88:58:9b:2d:ce:e4:93:4e:77:16:22:e3:38:
                    cb:25:95:5d:eb:0f:91:e7:88:53:60:ba:0e:00:dc:
                    13:7b:e1:26:d0:49:76:e6:60:43:93:e3:31:cf:4e:
                    42:31:8b:a4:fa:33:18:d8:5d:dd:fb:09:88:91:4d:
                    67:9e:b6:76:d9:d4:97:6c:44:5f:76:a5:02:c8:2b:
                    55:a6:64:f2:eb:88:1a:94:0f:c5:ce:a7:cb:2b:d9:
                    ec:12:6c:1d:85:e4:12:8e:58:6a:f2:3e:27:ed:36:
                    57:a2:a1:5b:63:de:80:32:97:de:ea:42:6f:94:02:
                    ea:69:1b:d1:15:07:e8:4c:d2:8c:d8:00:12:d9:4a:
                    3f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                7E:34:61:95:16:E3:07:CC:50:4B:04:DA:3B:4D:95:03:0D:51:C3:EE
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 Subject Alternative Name: 
                DNS:localhost
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier: 
                D3:12:5C:D6:D1:08:E7:92:FB:38:61:3D:4F:7E:C7:16:93:04:16:D4
            Authority Information Access: 
                OCSP - URI:http://ocsp01.testing.lemmi.org
                CA Issuers - URI:http://cacerts.testing.lemmi.org/LemmiSign_Testing_TLS_DV_3.crt
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl01.testing.lemmi.org/LemmiSign_Testing_TLS_DV_3.crl
    Signature Algorithm: ecdsa-with-SHA256
    Signature Value:
        30:66:02:31:00:f1:f6:f6:7d:81:53:d8:5c:da:06:63:dc:7c:
        c1:f9:77:cd:d8:e9:70:42:96:65:d2:57:a9:5a:06:1e:57:ac:
        5a:63:cc:18:61:65:62:fc:e3:c3:48:79:91:2d:c1:ba:3a:02:
        31:00:b2:d9:0a:c7:d4:b1:04:55:c1:cf:a0:4e:28:88:a1:9a:
        60:93:4e:a1:c0:0c:b9:d2:9c:a5:1a:63:3f:5e:3c:9f:09:57:
        e7:4b:54:b9:0b:df:25:58:c6:31:af:81:8e:29
-----BEGIN CERTIFICATE-----
MIID+zCCA4CgAwIBAgIQGFmAIpAk6+tUu4NpkNlMYTAKBggqhkjOPQQDAjBGMQsw
CQYDVQQGDAJERTESMBAGA1UECgwJTGVtbWlTaWduMSMwIQYDVQQDDBpMZW1taVNp
Z24gVGVzdGluZyBUTFMtRFYgMzAeFw0yNDExMjAyMzAwMDBaFw0yNTEyMjAyMzAw
MDBaMGExCzAJBgNVBAYMAkRFMRcwFQYDVQQKDA5MZW1taSBOZXR3b3JrczElMCMG
A1UECwwcVGVzdCBDZXJ0aWZpY2F0ZSBSU0EgV29ya2luZzESMBAGA1UEAwwJbG9j
YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLg6Z3p/Bb21
LmrhHuTTyzg4MrDp9/p1Y0/d8to2CsEVXb+98Noml4y0dMuEvM6P8yGjJaKNFMFL
JRPPq657O8XzA7aXSdSJw9AFXVJw200BUFaFUWHxsIK4YKGB1k+1hkk0/IpKYF8K
VJoXJwA2AajWXrX6QzRKDYhYmy3O5JNOdxYi4zjLJZVd6w+R54hTYLoOANwTe+Em
0El25mBDk+Mxz05CMYuk+jMY2F3d+wmIkU1nnrZ22dSXbERfdqUCyCtVpmTy64ga
lA/FzqfLK9nsEmwdheQSjlhq8j4n7TZXoqFbY96AMpfe6kJvlALqaRvRFQfoTNKM
2AAS2Uo/2wIDAQABo4IBaDCCAWQwHQYDVR0OBBYEFH40YZUW4wfMUEsE2jtNlQMN
UcPuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAUBgNVHREE
DTALgglsb2NhbGhvc3QwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBTTElzW0Qjn
kvs4YT1PfscWkwQW1DCBiAYIKwYBBQUHAQEEfDB6MCsGCCsGAQUFBzABhh9odHRw
Oi8vb2NzcDAxLnRlc3RpbmcubGVtbWkub3JnMEsGCCsGAQUFBzAChj9odHRwOi8v
Y2FjZXJ0cy50ZXN0aW5nLmxlbW1pLm9yZy9MZW1taVNpZ25fVGVzdGluZ19UTFNf
RFZfMy5jcnQwTgYDVR0fBEcwRTBDoEGgP4Y9aHR0cDovL2NybDAxLnRlc3Rpbmcu
bGVtbWkub3JnL0xlbW1pU2lnbl9UZXN0aW5nX1RMU19EVl8zLmNybDAKBggqhkjO
PQQDAgNpADBmAjEA8fb2fYFT2FzaBmPcfMH5d83Y6XBClmXSV6laBh5XrFpjzBhh
ZWL848NIeZEtwbo6AjEAstkKx9SxBFXBz6BOKIihmmCTTqHADLnSnKUaYz9ePJ8J
V+dLVLkL3yVYxjGvgY4p
-----END CERTIFICATE-----

the private key of "Test Certificate RSA Working":

-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4uDpnen8FvbUu
auEe5NPLODgysOn3+nVjT93y2jYKwRVdv73w2iaXjLR0y4S8zo/zIaMloo0UwUsl
E8+rrns7xfMDtpdJ1InD0AVdUnDbTQFQVoVRYfGwgrhgoYHWT7WGSTT8ikpgXwpU
mhcnADYBqNZetfpDNEoNiFibLc7kk053FiLjOMsllV3rD5HniFNgug4A3BN74SbQ
SXbmYEOT4zHPTkIxi6T6MxjYXd37CYiRTWeetnbZ1JdsRF92pQLIK1WmZPLriBqU
D8XOp8sr2ewSbB2F5BKOWGryPiftNleioVtj3oAyl97qQm+UAuppG9EVB+hM0ozY
ABLZSj/bAgMBAAECggEAAkB3jBZj1+FuO8nXVW7dsdFNRqc1CK4TK0VoepwPrCpR
aZOEmcCN6b3CcbJWTdc2hCub4HildqQ84KHn1mkFL2z/scL3JHagCwcfhjClKfzy
i4KIOD4eEMsmBGb6fSXWUuGvuggeZ5FaLaxG7dWSLmba3ZUjVfTTKEfKKLvXAsNP
U7oSjg/3kc1SxH/DyZhYiQZrJHWeEfeIxRm6YRnNVQaFDS7p81SOiEk2xNWNFwxy
4hDDMN2hMXcy2lxhBq94uOrQVr2pAIRVXRICsYYuxLTSUnXJx8ruv+ZNOL1lm9XJ
YyeDsr6ofV7TDvAnSqtxDRgiN2ioP4KpvHqfUd7YsQKBgQD1W2pmquWlQVdy7a1H
sQUvfIiu2B4UWz8+CKf77tvu5dzE3UXup0mUAvp5ndAq8N7VGWxmmdOQ7cCSWCs0
V3oV1ZDM7m7xHaA9wk3mm2zJqEcsj/IRaRTP+ajc3IFFX5625d7mvTjaNdqfYjn1
/mUgh09IH2LRYyV4ZlK1+XbOkQKBgQDAu3W4pu85MPkkA7DLdZ3yIP9mVtiyeNq1
pqxKM7js8FsKO+cM5hTiTVZzORPkVLkKDFnoHzI1Vc8GhjYQ8LqlDAU5PBHUVpNg
UVQWDRII2cke0NUElFR/0ErDmy50+8jnFybvPxpYxw7paXqK8bvQtseDuj7p9Abn
cmi9sSZ1qwKBgQCXdIm2vJGrtC0OJcdMNOrViFM7Uu8mc7kTSvafHrAmxT/FSi3s
Btn1gu0o+5DPoQZ8lwgCQbyGfyzbaY+p7MHRDpcm2ZwkPLx4wyOhUZoS1UyyJl0w
ACS3yQ5C397wevkXP8ibuHyKvqmor1LGFfZI4R3AkJdIV6J+svMln8uF8QKBgAM8
4vxoKYqvbPAS88xnPHEN5tyERv2wlBQLKcfRWKD6ZL0mRnpr/xvSKsqiwdfLKJSn
oncI1yIYP/MfHBdqw+fz7L6KaM5FahJrK1t3er8VUZCn93wtNcIz8J2apMwoUra3
J9tLFxk4tuJq+DkPWJVoDLAE1/u8MsV+oY3WRQwjAoGAbstN5MUkJW2a1WNbX2y0
AbfVMGItazunOHd2I77fV1UedCC/GPitnxt3x49rM5rQOQ2seJJeFrKT2fNNtJtD
7riAiVBQG0VuYN910PQP+4sIPUTtvkN7Ot61T93XUpQJ4PMq9bvy1jZe5HfVkblm
vx5CYmQ8nLPImy0iLbd/id0=
-----END PRIVATE KEY-----

output of x509lint:

E: Subject with organizationName, givenName or surname but without stateOrProvince or localityName
E: Name entry contains an invalid type
E: No policy extension

output of asn1parse:

    0:d=0  hl=4 l=1019 cons: SEQUENCE
    4:d=1  hl=4 l= 896 cons: SEQUENCE
    8:d=2  hl=2 l=   3 cons: cont [ 0 ]
   10:d=3  hl=2 l=   1 prim: INTEGER           :02
   13:d=2  hl=2 l=  16 prim: INTEGER           :185980229024EBEB54BB836990D94C61
   31:d=2  hl=2 l=  10 cons: SEQUENCE
   33:d=3  hl=2 l=   8 prim: OBJECT            :ecdsa-with-SHA256
   43:d=2  hl=2 l=  70 cons: SEQUENCE
   45:d=3  hl=2 l=  11 cons: SET
   47:d=4  hl=2 l=   9 cons: SEQUENCE
   49:d=5  hl=2 l=   3 prim: OBJECT            :countryName
   54:d=5  hl=2 l=   2 prim: UTF8STRING        :DE
   58:d=3  hl=2 l=  18 cons: SET
   60:d=4  hl=2 l=  16 cons: SEQUENCE
   62:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   67:d=5  hl=2 l=   9 prim: UTF8STRING        :LemmiSign
   78:d=3  hl=2 l=  35 cons: SET
   80:d=4  hl=2 l=  33 cons: SEQUENCE
   82:d=5  hl=2 l=   3 prim: OBJECT            :commonName
   87:d=5  hl=2 l=  26 prim: UTF8STRING        :LemmiSign Testing TLS-DV 3
  115:d=2  hl=2 l=  30 cons: SEQUENCE
  117:d=3  hl=2 l=  13 prim: UTCTIME           :241120230000Z
  132:d=3  hl=2 l=  13 prim: UTCTIME           :251220230000Z
  147:d=2  hl=2 l=  97 cons: SEQUENCE
  149:d=3  hl=2 l=  11 cons: SET
  151:d=4  hl=2 l=   9 cons: SEQUENCE
  153:d=5  hl=2 l=   3 prim: OBJECT            :countryName
  158:d=5  hl=2 l=   2 prim: UTF8STRING        :DE
  162:d=3  hl=2 l=  23 cons: SET
  164:d=4  hl=2 l=  21 cons: SEQUENCE
  166:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
  171:d=5  hl=2 l=  14 prim: UTF8STRING        :Lemmi Networks
  187:d=3  hl=2 l=  37 cons: SET
  189:d=4  hl=2 l=  35 cons: SEQUENCE
  191:d=5  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
  196:d=5  hl=2 l=  28 prim: UTF8STRING        :Test Certificate RSA Working
  226:d=3  hl=2 l=  18 cons: SET
  228:d=4  hl=2 l=  16 cons: SEQUENCE
  230:d=5  hl=2 l=   3 prim: OBJECT            :commonName
  235:d=5  hl=2 l=   9 prim: UTF8STRING        :localhost
  246:d=2  hl=4 l= 290 cons: SEQUENCE
  250:d=3  hl=2 l=  13 cons: SEQUENCE
  252:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
  263:d=4  hl=2 l=   0 prim: NULL
  265:d=3  hl=4 l= 271 prim: BIT STRING
  540:d=2  hl=4 l= 360 cons: cont [ 3 ]
  544:d=3  hl=4 l= 356 cons: SEQUENCE
  548:d=4  hl=2 l=  29 cons: SEQUENCE
  550:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
  555:d=5  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:04147E34619516E307CC504B04DA3B4D95030D51C3EE
  579:d=4  hl=2 l=  14 cons: SEQUENCE
  581:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
  586:d=5  hl=2 l=   1 prim: BOOLEAN           :255
  589:d=5  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:03020780
  595:d=4  hl=2 l=  19 cons: SEQUENCE
  597:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
  602:d=5  hl=2 l=  12 prim: OCTET STRING      [HEX DUMP]:300A06082B06010505070301
  616:d=4  hl=2 l=  20 cons: SEQUENCE
  618:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
  623:d=5  hl=2 l=  13 prim: OCTET STRING      [HEX DUMP]:300B82096C6F63616C686F7374
  638:d=4  hl=2 l=  12 cons: SEQUENCE
  640:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
  645:d=5  hl=2 l=   1 prim: BOOLEAN           :255
  648:d=5  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
  652:d=4  hl=2 l=  31 cons: SEQUENCE
  654:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
  659:d=5  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014D3125CD6D108E792FB38613D4F7EC716930416D4
  685:d=4  hl=3 l= 136 cons: SEQUENCE
  688:d=5  hl=2 l=   8 prim: OBJECT            :Authority Information Access
  698:d=5  hl=2 l= 124 prim: OCTET STRING      [HEX DUMP]:307A302B06082B06010505073001861F687474703A2F2F6F63737030312E74657374696E672E6C656D6D692E6F7267304B06082B06010505073002863F687474703A2F2F636163657274732E74657374696E672E6C656D6D692E6F72672F4C656D6D695369676E5F54657374696E675F544C535F44565F332E637274
  824:d=4  hl=2 l=  78 cons: SEQUENCE
  826:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points
  831:d=5  hl=2 l=  71 prim: OCTET STRING      [HEX DUMP]:30453043A041A03F863D687474703A2F2F63726C30312E74657374696E672E6C656D6D692E6F72672F4C656D6D695369676E5F54657374696E675F544C535F44565F332E63726C
  904:d=1  hl=2 l=  10 cons: SEQUENCE
  906:d=2  hl=2 l=   8 prim: OBJECT            :ecdsa-with-SHA256
  916:d=1  hl=2 l= 105 prim: BIT STRING

As we can see, the parameters are not set anymore and x509lint does not display the error message E: Algorithm parameter present using "Test Certificate RSA Working".

I changed my nginx config and chromium displays the page using the new generated certificate:
grafik

maybe possible solution

It looks like chromium does not accept this parameters in the certificate if the signature is done using ecdsa. In my opinion an option is to switch the IF-Statement to check against the signature algorithm not against the used key type. (Since this is a very critical code part, I recommend to check this twice!)

Conclusion

I hope it's not a problem if the analysis part got a bit lengthy. If more information is needed, please let me know. I will try to provide it as quickly as possible.

Thank you for your time and consideration regarding this issue. I look forward to any feedback or assistance you may provide.

Best regards
Tobias
@terrafrost
Copy link
Member

I'm at a friends place atm and have only kinda half read this but from what I'm able to gather by kinda skimming through this the following links seems applicable:

https://security.stackexchange.com/a/110412/15922
#914

I'll try to review this post and those two links in more detail as time permits. Got a busy next few days.

@LemmingZwerg1
Copy link
Contributor Author

Hi terrafrost,
thank you very much for your answer!

In the last few days I made some researches about this behavior and I found a bug from chromium: https://issues.chromium.org/issues/349054817 (In this bug an user writes something about an declined certificate using NULL in the signature algorithms and someone from chrome quote a paragraph from RFC 5758, this sounds like my previously described problem :D )

I took a look into RFC 5758 section 3.2:

   When the ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or
   ecdsa-with-SHA512 algorithm identifier appears in the algorithm field
   as an AlgorithmIdentifier, the encoding MUST omit the parameters
   field.

As far as i understand, we have to not set the parameters for the signature algorithm if one of the ecdsa algorithm identifiers is used. The parameters for the public key algorithm are not affected.

I really appreciate all the hard work you’re putting into this project - it’s awesome. If there’s anything else you need from me or something I can help with, just let me know. Happy to pitch in. Thanks again!

Best regards
Tobias

@terrafrost
Copy link
Member

Apologies for the delay - between the US holiday of Thanksgiving and other support tickets it's been challenging to find the time to look into everything.

Anyway, does this commit fix the issue for you?:

terrafrost@5d69be1

Here's the branch:

https://github.com./terrafrost/phpseclib/tree/2051-3.0

If so lmk and I'll merge that into the 3.0 branch.

Thanks!

@LemmingZwerg1
Copy link
Contributor Author

Hi,
I checked your code and it works like a dream :)

Thank you so much!
~ Tobias

@terrafrost
Copy link
Member

I'll get this merged into the 3.0 branch in the next few days! I want to add a unit test. Also, altho it's not as big of an issue in the 1.0 / 2.0 branches since they only support RSA, the fact that they also support PSS, which uses different OIDs, means that it'd be good to have this fix in those branches, too.

Anyway, like I said, hopefully in the next few days (got a busy next few days ahead of me).

Thanks for confirming that the code change worked!!

terrafrost referenced this issue Dec 4, 2024
@terrafrost
X509: algorithmidentifier parameters could get incorrectly set
7b43ea0
@terrafrost
Copy link
Member

This has been merged into the 3.0 / master branches:

7b43ea0

In-so-far as my 1.0 / 2.0 comments are concerned... 1.0 / 2.0 work completely differently from 3.0 / master (3.0+ determines the algorithm type from the key object you passed to it whereas 1.0 / 2.0 don't) so a proper code change would look very different. No need to hold up the 3.0 branch for the 1.0 / 2.0 branches.

@LemmingZwerg1
Copy link
Contributor Author

Hi,
nice. Thanks for merging!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@terrafrost @LemmingZwerg1