Test 8 Cert & Private Key Don't Match

[dmccarney]

Hi there,

I was trying to issue a client certificate to test a positive result for "Test 8 :: Client Certificate required" and happened to notice that the test8 certificate and the test8 private key checked into the repo don't match!

The public key of the certificate specifies an RSA public key with one modulus (dumped with openssl x509 -in test8.tls-o-matic.com.cert -noout -text):

            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:c7:5b:3a:8b:e9:9b:c5:7b:72:f6:68:4a:d2:5c:
                    53:43:e6:fa:d0:8d:d4:4d:5e:c4:38:43:55:0d:8d:
                    49:8c:54:98:04:ab:66:04:ce:ce:01:71:18:ef:08:
                    ed:dc:cf:63:4a:18:13:83:85:82:fa:2b:c1:3d:71:
                    ab:ec:aa:58:69:20:e9:78:79:8c:5f:64:90:df:88:
                    47:fc:a9:0b:53:8b:9d:90:c3:37:64:1c:8c:dd:7e:
                    24:7a:af:6a:00:03:4b:01:a8:2d:e2:17:e7:71:75:
                    fc:60:b3:90:20:01:7c:75:50:09:9c:02:43:91:20:
                    8c:d8:37:00:06:a8:ad:9d:a0:4c:33:ff:6a:16:03:
                    33:d5:98:e6:d4:8c:8e:9b:02:e0:29:0e:d3:b8:e2:
                    90:33:81:12:22:4d:5a:ac:4f:bf:e5:49:a3:3f:29:
                    c4:64:db:b9:09:a8:bb:b5:2c:e9:c2:8a:28:21:ac:
                    ae:06:4a:84:62:a5:93:b9:48:45:3b:91:76:33:46:
                    22:50:0f:e4:e6:c3:0d:df:ba:6f:22:b6:da:d3:ba:
                    32:db:bd:1b:00:b1:0d:85:8d:71:34:ae:04:49:61:
                    11:fa:97:74:0f:0a:bf:c6:7a:eb:f7:0d:e7:eb:1d:
                    77:a4:ba:40:23:d2:af:07:72:19:1c:87:d3:10:fc:
                    c2:45
                Exponent: 65537 (0x10001)

and the corresponding private key in the repo has a different RSA modulus (dumped with openssl rsa -in test8.tls-o-matic.com.key -modulus):

9C:7F:33:CA:47:E8:B7:1B:B7:D4:B6:E6:BD:18:E2:03:F4:B6:98:94:37:2E:21:47:4C:61:5F:8B:30:3D:0C:E4:1C:41:C0:1C:69:13:7D:3F:5A:AC:3C:F6:3B:AC:6C:DA:16:1D:91:2F:23:9D:6E:C6:B5:A5:56:09:93:CF:24:DF:61:6E:AE:D4:A0:53:C7:74:F0:59:C1:3F:0E:4B:BA:43:82:B0:D7:5C:11:6F:E1:5E:23:96:A9:91:70:90:0E:F7:C4:1E:DD:89:63:D2:E1:A5:99:91:F8:B5:2F:62:95:E1:DA:05:7B:FE:A2:FD:99:A2:CA:E0:AF:66:14:90:B8:47:A4:60:D8:96:2B:65:DA:FF:A0:22:11:FC:BE:C3:CE:F7:62:08:1A:9B:3A:70:8F:09:A8:24:C0:DA:EA:ED:13:83:E3:93:13:8D:C7:C8:E9:2A:73:63:2E:5D:4C:64:19:55:32:4F:9C:DF:8D:7A:36:B5:07:A1:DB:79:8C:A1:5B:AA:AD:70:72:07:8D:0F:18:2F:0A:73:6B:BA:F3:0D:62:A1:AF:62:F5:32:45:76:47:36:04:04:D4:BA:A9:C2:93:71:8C:B2:48:E7:30:8E:30:77:85:53:C8:7E:41:0C:22:1B:AB:5A:8B:6C:63:FA:C7:8C:E7:ED:1D:1B:AF:0F:EC:45

Was there a mistake committing the certificate & key? Perhaps I'm doing something wrong? A mystery either way :-)

Thanks!

[wbond]

Related: it would be great to provide a valid client certificate and an invalid client certificate so users can test and make sure client auth works and how it fails with invalid credentials.

[dmccarney]

@wbond Agreed :-) That's the road I was heading down when I discovered the private key mismatch. I'd also like to see those test-cases supported.