Pretraži podršku

Izbjegni prevare podrške. Nikad te nećemo tražiti da nas nazoveš, da nam pošalješ telefonski broj ili da podijeliš osobne podatke. Prijavi sumnjive radnje pomoću opcije „Prijavi zlouporabu”.

Saznaj više

TLS fails on linux self-signed certs

  • 7 odgovora
  • 29 ima ovaj problem
  • 1 prikaz
  • Posljednji odgovor od ctmattice

more options

on firefox 38.1.0 running on centOS 6.6 I'm having issue with TLS.

when this first happened I re did the cert using 2048 byte keys. This seemed to take care of the issue when navigating to addresses similar to https://localhost/somesite, however, if I try https://localhost:10000 it always fails with:

An error occurred during a connection to localhost.localdomain:10000. The server certificate included a public key that was too weak. (Error code: ssl_error_weak_server_cert_key)

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

The certificate Signature algorithim is -> PKCS #1 SHA-1 With RSA Encryption

The public key algorithim is -> PKCS #1 RSA Encryption

The key was create on 07/06/15 for a 10 year period, It is a Version 1 cert issued by myself with the following info E = ctmattice@permitepaints.com CN = localhost OU = hq O = permite L = Stone Mountain ST = ga C = us

on firefox 38.1.0 running on centOS 6.6 I'm having issue with TLS. when this first happened I re did the cert using 2048 byte keys. This seemed to take care of the issue when navigating to addresses similar to https://localhost/somesite, however, if I try https://localhost:10000 it always fails with: An error occurred during a connection to localhost.localdomain:10000. The server certificate included a public key that was too weak. (Error code: ssl_error_weak_server_cert_key) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. The certificate Signature algorithim is -> PKCS #1 SHA-1 With RSA Encryption The public key algorithim is -> PKCS #1 RSA Encryption The key was create on 07/06/15 for a 10 year period, It is a Version 1 cert issued by myself with the following info E = ctmattice@permitepaints.com CN = localhost OU = hq O = permite L = Stone Mountain ST = ga C = us

Izabrano rješenje

This was a webmin problem.

To fix this edit /etc/webmin/miniserv.pem replace the cert and private key sections.

Use a new generated key and self-signed cert. If you follow centOS instructions the location of the files are /etc/pki/tls/private/ca.key and /etc/pki/tls/certs/ca.crt

Pročitaj ovaj odgovor u kontekstu 👍 0

Svi odgovori (7)

more options

Are there more than one cert listed in the certificate manager? Is the cert using ssl3?

more options

guigs said

Are there more than one cert listed in the certificate manager? Is the cert using ssl3?

No only one cert and ssl3 is disabled, only using TLS1.0 and above.

more options

Fallback tls is the third version if not specified. The Dh is not specified so its not the logjam encryption vulnerability.

Could you re-creating your self-signed key?

A work around I have seen is if it works in Windows you can export the certs working in another browser and import those versions, but this does not address the immediate issue.

See if it follows the CA guidelines. Edit the big one was the recent logjam algos: https://communities.bmc.com/thread/131855

Izmjenjeno od guigs

more options

Replaced the self-signed cert, double checked no other private keys or certs were present. Still have the same issue.

Any thing with a address of https://example.com/somelink works

Tried https://example.com:443 it works as expected. The port # 10000 is typically used by webmin so I'll check over there and see if they have any reports about this

more options

Odabrano rješenje

This was a webmin problem.

To fix this edit /etc/webmin/miniserv.pem replace the cert and private key sections.

Use a new generated key and self-signed cert. If you follow centOS instructions the location of the files are /etc/pki/tls/private/ca.key and /etc/pki/tls/certs/ca.crt

Izmjenjeno od ctmattice

more options

Just curious, is this on the server or a work around for a centOs pc?

more options

This was on a server.

The problem lies within webmin and discovered when I uninstalled then reinstalled the yum repository. In the installation process they create a self-signed cert which is too weak for the lastest firefox version.