Pomoc pśepytaś

Glědajśo se wobšudy pomocy. Njenapominajomy was nigda, telefonowy numer zawołaś, SMS pósłaś abo wósobinske informacije pśeraźiś. Pšosym dajśo suspektnu aktiwitu z pomocu nastajenja „Znjewužywanje k wěsći daś“ k wěsći.

Dalšne informacije

How can I disable MD5 signature algorithm on Firefox when creating a CSR?

  • 3 wótegrona
  • 3 maju toś ten problem
  • 3 naglědy
  • Slědne wótegrono wót naldiello

more options

I'm trying to create a CSR (Certificate Signing Request) in a website using Firefox. When Firefox creates the pair of keys, it signs the CSR using MD5WithRSAEncryption. Due to FIPS compliance, the Certification Authority does not accept md5WithRSAEncryption. The CSR must be signed with sha1WithRSAEncryption.

I'm trying to create a CSR (Certificate Signing Request) in a website using Firefox. When Firefox creates the pair of keys, it signs the CSR using MD5WithRSAEncryption. Due to FIPS compliance, the Certification Authority does not accept md5WithRSAEncryption. The CSR must be signed with sha1WithRSAEncryption.

Wšykne wótegrona (3)

more options

hello, this is quite a detailed request, i'm not sure if something can be done about it within the current firefox preferences - here on the forums we're primarily focused on fixing "solvable" issues. you might want to file a bug report for this issue at https://bugzilla.mozilla.org instead, so that it will gain the attention of developers...

more options

I haven't dealt with CSR's too much, but is there a particular reason you're using Firefox to do this?

At least for SSL certificates, shouldn't this be done on the server?

more options

Hi madperson,

I believe I will report this as a bug since the changes I made should resolve this issue. Furthermore, Mozilla published that they will not be using MD5 signatures as off 2010 (https://wiki.mozilla.org/CA:MD5and1024).

In regards to yalam96's question: Depending on the use and application, some key pairs and CSR can be generated on the server side. For critical applications, such as financial applications, key pair should/must be generated on the client-side (browser) and CSR on the server, that way the CA is never in possession of the client's private key.

N.