
Resolving SSL error "The certificate is not valid for the requested usage"

Posted on 2011-09-17
Last Modified: 2012-05-12
I am trying to upgrade an existing system from using plain unencrypted sockets to use SSL. The server is a Java socket listener program (not HTTP) and the client is developed in WinDev. WinDev accesses the personal store and apparently does not allow exceptions to security.

For testing purposes, I acquired an SSL certificate from StartSSL. My Java server keystore shows the keypair for me and 2 certificates from StartSSL. The Windows client has the cert imported into the personal and the Trusted Root Certification area. WinDev recognizes the certs.

When the client attempts to connect to the new SSL server, it generates the error "The certificate is not valid for the requested usage". From what I can tell, this is related to its purpose. The certificate purpose states:

Proves your identity to a remote computer
Protects e-mail messages

For testing/development, the client and server are localhost.

So my question is, what does this error really mean when using my own SSL server and SSL client? How can this be resolved?

Question by:Sarge516
2 Comments
 

Assisted Solution

by:Hugh McCurdy
Hugh McCurdy earned 400 total points
ID: 36555384

Accepted Solution

by:
dpearson earned 1600 total points
ID: 36555500
Found this explanation on http://technet.microsoft.com/en-us/library/bb331963.aspx

The second section sounds like it may apply to you?  Either that or you're triggering this in the initial SSL handshake.

This status message indicates that you must enable the certificate for use in the current application. For example, if you're trying to use this certificate for Domain Security, the certificate must be enabled for SMTP.

For more information about how to enable certificates, see Enable-ExchangeCertificate.

Alternatively, this status message may indicate that the certificate that you're using doesn't have the correct data in the Enhanced Key Usage field. All certificates that are used for TLS must contain a Server Authentication object identifier (also known as OID). If you're trying to use a certificate for TLS that doesn't contain a Server Authentication OID in the Enhanced Key Usage Field, you must create a new certificate.


Are you going to use a library to implement the SSL protocol over a raw socket?  If not I'd suggest finding one and starting with their sample code.

Another option is to start by implementing a simple HTTPS server (even though that's not your eventual goal) - e.g. using Jetty - and then once you have that working correctly, start removing parts until you take over the SSL communication yourself.

Doug
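
An added example, not part of either answer above: a small Java check for the Enhanced Key Usage condition quoted from TechNet, run against the server's keystore. It lists each entry's EKU OIDs and flags certificates that do not permit Server Authentication (OID 1.3.6.1.5.5.7.3.1); the two purposes shown in the question are how Windows displays Client Authentication (1.3.6.1.5.5.7.3.2) and Secure Email (1.3.6.1.5.5.7.3.4). The class name `EkuCheck` and the keystore path argument are assumptions, and a missing EKU extension is treated as unrestricted per RFC 5280, which the client library may or may not follow.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;

// Hypothetical helper (not from the original thread): audits keystore
// certificates for the TLS Server Authentication extended key usage.
public class EkuCheck {
    static final String SERVER_AUTH = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth
    static final String ANY_EKU = "2.5.29.37.0";           // anyExtendedKeyUsage

    // No EKU extension (null) means the certificate is not restricted by purpose;
    // otherwise serverAuth or anyExtendedKeyUsage must be listed.
    static boolean allowsServerAuth(List<String> eku) {
        return eku == null || eku.contains(SERVER_AUTH) || eku.contains(ANY_EKU);
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive terminal): java EkuCheck <keystore-file>");
            System.exit(2);
        }
        // Prompt for the password so it does not end up in shell history.
        char[] password = console.readPassword("Keystore password: ");

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }

        for (String alias : Collections.list(ks.aliases())) {
            // For a key entry this is the leaf certificate the server presents.
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) continue;
            X509Certificate x509 = (X509Certificate) cert;
            List<String> eku = x509.getExtendedKeyUsage(); // null if extension absent
            System.out.printf("%s [%s]%n  subject: %s%n  EKU: %s%n  server auth: %s%n",
                    alias,
                    ks.isKeyEntry(alias) ? "key entry" : "trusted cert",
                    x509.getSubjectX500Principal().getName(),
                    eku == null ? "(none, unrestricted)" : eku,
                    allowsServerAuth(eku) ? "permitted" : "NOT PERMITTED");
        }
    }
}
```

The entry that matters is the key entry the server presents in the handshake; CA certificates stored alongside it usually carry no EKU extension and will show as unrestricted.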
Question has a verified solution.
