Avatar for Username

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

话题已存档。 如果需要帮助请提出新问题。

Wehave installed a new CA and now I get this error with the newly released certificates "SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED"

riccardo.perni
riccardo.perni
more options

we have upgraded our internal CA to sign CSR with SHA512 hashing and are using firefox quantum 60.4.0esr

can someone help me? Riccardo

we have upgraded our internal CA to sign CSR with SHA512 hashing and are using firefox quantum 60.4.0esr can someone help me? Riccardo

由riccardo.perni于修改

被采纳的解决方案

Do not worry, we have resolved the issue, it was related to the windows server 2016 default settings for the CA, it was selected the RSASSA-PSS algorithm for signing we have reconfigured it to use sha256RSA and now it working fine.

thank you for your support Riccardo

定位到答案原位置 👍 0

所有回复 (4)

philipp
philipp
  • Moderator
more options

hi, https://wiki.mozilla.org/index.php?title=SecurityEngineering/x509Certs suggests resigning the cert with a modern algorithm.

riccardo.perni
riccardo.perni 提问者
more options

Thank you for your help, but I do not think the algorithm used in signing is too old, I have done all this operation exactly because I got (with the old CA) the same error from Chrome (and Firefox did not complain), now with the new CA chrome (and explorer 11) accept the new certificate and Firefox start showing this error...

philipp
philipp
  • Moderator
more options

can you provide a sample of a generated cert?

riccardo.perni
riccardo.perni 提问者
more options

选择的解决方案

Do not worry, we have resolved the issue, it was related to the windows server 2016 default settings for the CA, it was selected the RSASSA-PSS algorithm for signing we have reconfigured it to use sha256RSA and now it working fine.

thank you for your support Riccardo