Opened 2 years ago
#20966 new defect
Ova/Ovf Signature Verification Issue
| Reported by: | MustafaBayrak | Owned by: | |
|---|---|---|---|
| Component: | OVF | Version: | VirtualBox 6.1.34 |
| Keywords: | Cc: | ||
| Guest type: | other | Host type: | Windows |
Description
I sign my ovf file with my own code signing certificate. I am getting a certificate validation error while importing the resulting signed ovf file. I am getting this error even though I upload the SubCA and CA certificates of the signing certificate to the Windows Certificate Store.
I downloaded the source code of the 6.1.34 version of VirtualBox and debug it on my windows machine. And I found that the problem was because of the Name Constraints extension in the SubCA certificate of the certificate I signed.
While reading SubCA certificate from Windows Certificate Store on rtCrStoreAddCertsFromNative method, RTCrX509Certificate_DecodeAsn1 method gives an error in the relevant SubCA certificate. The error message reads: 0x00000000033ae4e8 "CurCtx.Cert.TbsCertificate.T3.Extensions.papItems#.ExtnValue.NameConstraings. It gives error 0x80 (expected 0x10/0x20)'
What kind of a problem is there in the SubCA certificate, can you help with this?
SubCA.crt