Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Tìm hiểu thêm

How can I disable MD5 signature algorithm on Firefox when creating a CSR?

  • 3 trả lời
  • 3 gặp vấn đề này
  • 1 lượt xem
  • Trả lời mới nhất được viết bởi naldiello

more options

I'm trying to create a CSR (Certificate Signing Request) in a website using Firefox. When Firefox creates the pair of keys, it signs the CSR using MD5WithRSAEncryption. Due to FIPS compliance, the Certification Authority does not accept md5WithRSAEncryption. The CSR must be signed with sha1WithRSAEncryption.

I'm trying to create a CSR (Certificate Signing Request) in a website using Firefox. When Firefox creates the pair of keys, it signs the CSR using MD5WithRSAEncryption. Due to FIPS compliance, the Certification Authority does not accept md5WithRSAEncryption. The CSR must be signed with sha1WithRSAEncryption.

Tất cả các câu trả lời (3)

more options

hello, this is quite a detailed request, i'm not sure if something can be done about it within the current firefox preferences - here on the forums we're primarily focused on fixing "solvable" issues. you might want to file a bug report for this issue at https://bugzilla.mozilla.org instead, so that it will gain the attention of developers...

more options

I haven't dealt with CSR's too much, but is there a particular reason you're using Firefox to do this?

At least for SSL certificates, shouldn't this be done on the server?

more options

Hi madperson,

I believe I will report this as a bug since the changes I made should resolve this issue. Furthermore, Mozilla published that they will not be using MD5 signatures as off 2010 (https://wiki.mozilla.org/CA:MD5and1024).

In regards to yalam96's question: Depending on the use and application, some key pairs and CSR can be generated on the server side. For critical applications, such as financial applications, key pair should/must be generated on the client-side (browser) and CSR on the server, that way the CA is never in possession of the client's private key.

N.