QA:Testcase Certificate Trust:Untrusted Certificate

From FedoraProject

(Difference between revisions)
(Test case page for untrusted certificate)
 
(Fix up links)
 
(One intermediate revision by one user not shown)
Line 2: Line 2:
 
|description=This test verifies that an untrusted certificate without an anchor in the system certificate anchor list is rejected as expected.
 
|description=This test verifies that an untrusted certificate without an anchor in the system certificate anchor list is rejected as expected.
 
|setup=
 
|setup=
# Make sure to complete the [[Test_Day:2013-03-28_Shared_System_Certificates/Prerequisites|prerequisites before starting this test]].
+
# Make sure to complete the [[QA:Testcase_Certificate_Trust:Prerequisites|prerequisites before starting this test]].
 
# This test case connects to ''test9431.kuix.de'' on port ''9431''
 
# This test case connects to ''test9431.kuix.de'' on port ''9431''
 
|actions=
 
|actions=
Line 27: Line 27:
 
#: Messages on the console from firefox are probably unrelated to this test, unless they say "p11-kit".
 
#: Messages on the console from firefox are probably unrelated to this test, unless they say "p11-kit".
 
# Java should reject untrusted certificates:
 
# Java should reject untrusted certificates:
#: <pre>$ java -classpath ~/shared-system-certificate-test-day test9431</pre>
+
#: <pre>$ java -classpath ~/certificate-trust-test-cases TestCertTrust https://test9431.kuix.de:9431/</pre>
 
#: This uses the java test program that you compiled in the prerequisites.
 
#: This uses the java test program that you compiled in the prerequisites.
 
#: The output should say: <code>PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 
#: The output should say: <code>PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
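Review bot: in the unchanged context line that follows the new java command, `<code>` is opened before "PKIX path building failed" and is not closed anywhere on that line as shown. Add `</code>` after "requested target" so the expected output renders as one code span and the markup does not run into whatever follows the list item.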

Latest revision as of 10:32, 21 March 2013


Description

This test verifies that an untrusted certificate without an anchor in the system certificate anchor list is rejected as expected.

Setup

  1. Make sure to complete the prerequisites before starting this test.
  2. This test case connects to test9431.kuix.de on port 9431.

How to test

  1. Verify that openssl rejects untrusted certificates:
    $ openssl s_client -verify 5 -connect test9431.kuix.de:9431
    You should see: Verify return code: 27 (certificate not trusted)
  2. Check that gnutls rejects untrusted certificates:
    $ gnutls-cli -p 9431 test9431.kuix.de
    You should see: Status: The certificate is NOT trusted. The certificate issuer is unknown.
  3. Check that curl rejects untrusted certificates:
    $ curl --head https://test9431.kuix.de:9431
    You should see: curl: (60) Peer's Certificate issuer is not recognized.
  4. Firefox should reject untrusted certificates:
    $ firefox https://test9431.kuix.de:9431
    The page should not load.
    There should be an error page stating: "This Connection is Untrusted".
    Click on the Technical Details to see: "Error code: sec_error_unknown_issuer"
    There should be no padlock icon.
    Messages on the console from firefox are probably unrelated to this test, unless they say "p11-kit".
  5. Epiphany should reject untrusted certificates:
    $ epiphany https://test9431.kuix.de:9431
    The right side of the URL bar should show an unlocked icon with an exclamation mark.
    Clicking on the padlock should show a window which says "The identity of this website has not been verified"
    Messages on the console from firefox are probably unrelated to this test, unless they say "p11-kit".
  6. Java should reject untrusted certificates:
    $ java -classpath ~/certificate-trust-test-cases TestCertTrust https://test9431.kuix.de:9431/
    This uses the java test program that you compiled in the prerequisites.
    The output should say: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Expected Results

While executing each of the above commands, check that the output matches what is noted for that command.

None of the above commands, with the exception of epiphany, should load the target page in question.
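
One way to check the command-line steps without reading the output by eye, as an added example that is not part of the Fedora test case: the hypothetical `verdict` function below classifies captured output from openssl, gnutls-cli, curl or the Java test program. The rejection strings are the ones listed above; the gnutls success wording is an assumption.

```shell
#!/bin/sh
# Added example, not part of the Fedora test case.
# verdict TOOL  reads one tool's captured output on stdin and prints
# "rejected", "accepted" or "inconclusive". A connection failure is
# "inconclusive", so a network problem is never counted as a pass.
# Usage (commands from the steps above):
#   openssl s_client -verify 5 -connect test9431.kuix.de:9431 </dev/null 2>&1 | verdict openssl
#   curl --head https://test9431.kuix.de:9431 2>&1 | verdict curl
verdict() {
    tool=$1
    out=$(cat)
    case $tool in
    openssl)
        # s_client prints "Verify return code: N (text)"; 0 means the
        # chain validated. The test case expects 27 here.
        code=$(printf '%s\n' "$out" |
            sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' |
            tail -n 1)
        case $code in
        '') echo inconclusive ;;
        0)  echo accepted ;;
        *)  echo rejected ;;
        esac ;;
    gnutls)
        # "certificate is trusted" as the success wording is an assumption.
        case $out in
        *'certificate is NOT trusted'*) echo rejected ;;
        *'certificate is trusted'*)     echo accepted ;;
        *)                              echo inconclusive ;;
        esac ;;
    curl)
        # Error 60 is curl's certificate verification failure.
        case $out in
        *'curl: (60)'*) echo rejected ;;
        *HTTP/*)        echo accepted ;;
        *)              echo inconclusive ;;
        esac ;;
    java)
        case $out in
        *'PKIX path building failed'*) echo rejected ;;
        *)                             echo inconclusive ;;
        esac ;;
    *)
        echo inconclusive ;;
    esac
}
```

For this test case every tool should yield "rejected"; "accepted" means the untrusted certificate was honoured, and "inconclusive" means the step has to be repeated.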



Troubleshooting

  • No notes at this time