Verifier - Checking authenticity [FAIL]

H,

I’ve issued a certificate in testnet mode using Cert-Tools.
Now I’m using Cert-Viewer to check it.
I’m getting this error when pressing the “Verify certificate” button.

What’s the requirement to pass the Authenticity check? Could I’ve missed a step?

This is the view from the terminal:

I appreciate any help.

Thanks,
Gabriel

1 Like

I am also having the same problem

Can someone at least explain which are the requirements to be met for the Authenticity check?

Thanks!
Gabriel

Apparently I missed an important page here:

Specifically this about Checking Authenticity: “This step verifies that the certificate was authored by the issuer. This is verified by ensuring the signing key for the blockchain transaction is indeed claimed by the issuer, and the key was valid at the time the transaction was issued.”

Probably my problem is that the signing key of the issuer doesn’t match.
To create the unsigned certificates, I was using the default configuration:


with only some changes on the images and on the roster.

Now, I have changed this line:
issuer_public_key=ecdsa-koblitz-pubkey:msBCHdwaQ7N2ypBYupkp6uNxtr9Pg76imj

With something like
issuer_public_key= (the same address I’m using on the cert-issuer configuration).
*Note I’m not using any name before the address, unlike the default conf. Is this ok?

But it is still not working. Am I missing something here?

I appreciate any help.

Thanks,
Gabriel

I also have the same issue

Hello @Gabalo,

you are right, you had to change the issuer_public_key to the one you were using in the cert-issuer. But don’t miss the “ecdsa-koblitz-pubkey:”. The entry has to look like this, but replace “” with your public key:

issuer_public_key=ecdsa-koblitz-pubkey:<your-public-key>

Another problem is that the verification is looking up the issuer id. See also https://github.com/blockchain-certificates/cert-verifier-js#check-certificate-authenticity and https://github.com/blockchain-certificates/cert-verifier-js#issuer-identity. This means that you have to change theissuer_id in the conf.ini. Currently it points to a JSON file containing a public key (beside other information) which does not math your public key used in cert-issuer. Host your own JSON file somewhere and point the issuer_id to the address in order to fix the authenticity check.

Kind regards,
uzu

1 Like

I faced also these problems. In the event that you have not solve them already, this is what I did;

  • generate a JSON issuer identity file with “python create_v2_issuer.py -c conf-ini -o issuer.json”. The conf.ini is the same that you are using to generate the certificate template, and to instantiate the certificates. You will find this python module in cert-tools.

  • The previous step will generate a JSON file identifying the issuer, that has to be saved in the exact location that you are declaring in the conf.ini file used also in the previous step. Since I’m using Flask, the line inside the conf.ini looks like;

    issuer_id = http://localhost:5000/issuer/issuer.json

so, as I’m working in a WINDOWS environment, I saved the issuer.json file in “C:\Users\USER\Downloads\cert-viewer-master\cert_viewer\themes\default\static\issuer\issuer.json”,

  • The problem I had, also had to do with the date the date the address was created. In the “issuer,json” file created in the previous step, I went to the end and modified the creation data (setting it to dec 1st), long before the date I generated the certificates. Like that;


“publicKey”: [
{
“id”: “ecdsa-koblitz-pubkey:myCKfiCbsUrAgM9QL7Pz9nbq5Frhhwdd”,
“created”: “2017-12-01T14:29:16.349307+00:00”
}

  • Finally, if you want, you may check that the address you are using in the certificates’ JSON files IS the same ecdsa-koblitz-pubkey address -it already should be like that; look at the end of the file-, that the address inside the issuer,json file (the one showed in the previous step).

Regards

Enrique

3 Likes

For me, I did the test immediately after generating issuer file. So manually change the created date to past date in the issuer.json to bypass this error

The problem I had, also had to do with the date the date the address was created. In the “issuer,json” file created in the previous step, I went to the end and modified the creation data (setting it to dec 1st), long before the date I generated the certificates

Thanks @enriquelizaso :sunglasses:

Hi,

I have created issuer.json using the command you mentioned in your command. I have replaced issuer_id=http://localhost/my-new-issuer.json in conf.ini file. Generated certificate with the same configuration file. However, I do get the same error. Could you please help me?

I have the same problem. I cant find solution