This is an IMPORTANT notice from moCA Working Group.
MacOS X & Safari users,
Some people have reported to the moCA WG that
they couldn't access to the WIDE camp application page.
Through our investigation, one measure has been
found and is released now.
So, please follow the guide described below.
All other WIDE members,
Any action is not required if you don't experience
the same problem, but please let us announce that
the WIDE ROOT CA and moCA each have two certificates,
*** both of which are correct ***.
Just be careful when you confirm the CA fingerprints,
because two kinds of fingerprints are displayed on
the moCA WG web pages.
Any problem due to the existence of two kinds of CA
certificates wasn't revealed through
several experiments within moCA WG.
This status is temporal. By the next key update,
the changeover will be gradually progressed and
each CA will have only one certificate again.
Apology for your inconvenience,
moCA Working Group
----- o ----- o ----- o ----- o -----
The guide to fix the WIDE camp web page
(https://widecamp.e-side.co.jp/)
access problem
[the target PC environment]
MacOS X & Safari
the moCA WG has examined the versions of
MacOS X 10.3(Panther) and 10.4(Tiger).
[the additional merit of this fix]
1. S/MIME with Mail.app can be used.
2. The warning message "This certificate
is signed by invalid authority." won't
be seen after a while when the WIDE
members only page is accessed with Safari.
[the cause of the problem]
further investigation is needed, though
it's anticipated something wrong is
server side's configuration.
But encoding problem is found in the WIDE
ROOT CA and the moCA certificates and
these certificates aren't accepted as
CA certificates in MacOS X and Safari environment.
This fix of encoding problem is related
to the fix of the access problem.
So, the fix of encoding problem is released at first.
[the measure]
Replace the WIDE ROOT CA certificate and
the moCA certificate to the new ones,
which are called
"encoding problem fixed version" certificates.
The key point is to install the WIDE ROOT CA certificate
to the "X509 Anchors".
The fingerprint of new WIDE ROOT CA certificate
sha1 fingerprint:
be 97 ae 7f c0 37 d2 cb c5 f2 3b eb d3 2c f5 07 74 c3 ef fe
The fingerprint of new moCA certificate
sha1 fingerprint:
27 fa 6b c3 25 6d 4f 0f 6b 3d f2 a5 b6 8a 83 0a 53 33 7f 45
(a) in case of Tiger
1. remove the old WIDE ROOT CA and moCA certificates
using KeyChain access.
These certificates might be installed in
"Login" or
"X509 Anchors".
KeyChain access is found in "utility
folder" under
"application folder".
The root privilege is required when "X.509 Anchors"
is changed.
2. Please install the new moCA certificate to KeyChain
"Login".
The URL is
http://moca.wide.ad.jp/moca-for-macos050818.cer
3. Please install the new WIDE ROOT CA certificate to
KeyChain "X509 Anchors".
The URL is
http://member.wide.ad.jp/wg/moca/wideroot-for-macos050822.cer
(b) in case of Panther or older version
1. remove the old WIDE ROOT CA and moCA certificates
using KeyChain access.
These certificates might be installed in
"Login" or
"X509 Anchors".
2. "Add KeyChain" if the certificate KeyChain doesn't
exist.
add
/System/Library/Keychains/X509Anchors (for root CAs)
/System/Library/Keychains/X509Certificates
(for subordinated CA)
3. Please install the new moCA certificate to KeyChain
"X509Certificates".
The URL is
http://moca.wide.ad.jp/moca-for-macos050818.cer
4. Please install the new WIDE ROOT CA certificate to
KeyChain "X509 Anchors".
The URL is
http://member.wide.ad.jp/wg/moca/wideroot-for-macos050822.cer
[related URL (japanese only)]
http://member.wide.ad.jp/wg/moca/wide_root_ca.html
http://moca.wide.ad.jp/
moCA WG, WIDE Project, Sep., 2005