Signing OpenOffice.org 3 Document Failed

This section provides a tutorial example on how OpenOffice.org 3 refuses to use a certificate that was issued from an invalid intermediate CA. Be an intermediate CA, your certificate must have authorized usage of 'Certificate Signing, Off-line CRL Signing, CRL Signing (06)'.

Amy is ready to apply digital signatures to OpenOffice.org 3 documents now. So she follows the instruction from OpenOffice.org 3 help text:

1. Amy runs OpenOffice.org 3 Writer and creates a document called Digital-Signature-Test.odt.

2. Click "Digital Signatures" from the "File" menu. The "Digital Signatures" dialog box shows up.

3. Click "Add" button. The "Select Certificate" dialog box shows up. Amy's certificate is listed there.

3. Select Amy's certificate and click "OK" button. But no digital signature is added! Why?
Adding Digital Signatures in OpenOffice.org 3

4. Amy goes back to "Internet Options" and view Amy's certificate.

5. Select "herongyang.com" on the "Certificate Path" tab. This message shows up in the certificate status section:

This certificate does not appear to be valid for the selected purpose.

6. Double clicks "herongyang.com" on the "Certificate Path" tab. My certificate shows up with this information on the "General" tab:

This certificate is intended for the following purpose(s):
- Proves your identify to a remote computer
- Ensures the identity of a remote computer
- Allows strong encryption for online transactions/communications

I think I understand why OpenOffice.org refuses to use Amy's certificate to sign the document. The root cause of the problem is my certificate, which is issued by CAcert.org with 3 specific purposes. Acting as intermediate CA and issuing certificates to others is not listed on my certificate. So in theory, I can not use my certificate from CAcert.org to sign other certificates.

Last update: 2011.

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of HTTPS (Hypertext Transfer Protocol Secure)

 Using HTTPS with IE (Internet Explorer) 10

 Using HTTPS with Chrome 40

 Using HTTPS with Firefox 35

 Perl Scripts Communicating with HTTPS Servers

 PHP Scripts Communicating with HTTPS Servers

 Java Programs Communicating with HTTPS Servers

 Certificate Stores and Certificate Console

 .NET Programs Communicating with HTTPS Servers

 CAcert.org - Root CA Offering Free Certificates

 PKI CA Administration - Issuing Certificates

 Digital Signature - Microsoft Word 2007

Digital Signature - OpenOffice.org 3

 OpenOffice.org 3 - Applying Digital Signatures

 Converting KeyStore Files to PKCS12 Files

 Importing Private-Public Key Pair with Internet Options

 Viewing a Certificate with a Private Key

 Importing CA Certificates into the Trusted Store

Signing OpenOffice.org 3 Document Failed

 Generating CSR for a Personal Certificate

 Getting Personal Certificate Signed by CAcert.org

 Storing Personal Certificate with Its Keys

 Installing Personal Certificate with Internet Options

 Signing OpenOffice.org 3 Document Worked

 S/MIME and Email Security

 PKI (Public Key Infrastructure) Terminology

 Outdated Tutorials

 References

 PDF Printing Version