Търсене в помощните статии

Избягвайте измамите при поддръжката. Никога няма да ви помолим да се обадите или изпратите SMS на телефонен номер или да споделите лична информация. Моля, докладвайте подозрителна активност на "Докладване за злоупотреба".

Научете повече

How can I disable MD5 signature algorithm on Firefox when creating a CSR?

  • 3 отговора
  • 3 имат този проблем
  • 1 изглед
  • Последен отговор от naldiello

more options

I'm trying to create a CSR (Certificate Signing Request) in a website using Firefox. When Firefox creates the pair of keys, it signs the CSR using MD5WithRSAEncryption. Due to FIPS compliance, the Certification Authority does not accept md5WithRSAEncryption. The CSR must be signed with sha1WithRSAEncryption.

I'm trying to create a CSR (Certificate Signing Request) in a website using Firefox. When Firefox creates the pair of keys, it signs the CSR using MD5WithRSAEncryption. Due to FIPS compliance, the Certification Authority does not accept md5WithRSAEncryption. The CSR must be signed with sha1WithRSAEncryption.

Всички отговори (3)

more options

hello, this is quite a detailed request, i'm not sure if something can be done about it within the current firefox preferences - here on the forums we're primarily focused on fixing "solvable" issues. you might want to file a bug report for this issue at https://bugzilla.mozilla.org instead, so that it will gain the attention of developers...

more options

I haven't dealt with CSR's too much, but is there a particular reason you're using Firefox to do this?

At least for SSL certificates, shouldn't this be done on the server?

more options

Hi madperson,

I believe I will report this as a bug since the changes I made should resolve this issue. Furthermore, Mozilla published that they will not be using MD5 signatures as off 2010 (https://wiki.mozilla.org/CA:MD5and1024).

In regards to yalam96's question: Depending on the use and application, some key pairs and CSR can be generated on the server side. For critical applications, such as financial applications, key pair should/must be generated on the client-side (browser) and CSR on the server, that way the CA is never in possession of the client's private key.

N.