Wehave installed a new CA and now I get this error with the newly released certificates "SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED"
we have upgraded our internal CA to sign CSR with SHA512 hashing and are using firefox quantum 60.4.0esr
can someone help me? Riccardo
この投稿は riccardo.perni により
選ばれた解決策
Do not worry, we have resolved the issue, it was related to the windows server 2016 default settings for the CA, it was selected the RSASSA-PSS algorithm for signing we have reconfigured it to use sha256RSA and now it working fine.
thank you for your support Riccardo
この回答をすべて読む 👍 0すべての返信 (4)
hi, https://wiki.mozilla.org/index.php?title=SecurityEngineering/x509Certs suggests resigning the cert with a modern algorithm.
Thank you for your help, but I do not think the algorithm used in signing is too old, I have done all this operation exactly because I got (with the old CA) the same error from Chrome (and Firefox did not complain), now with the new CA chrome (and explorer 11) accept the new certificate and Firefox start showing this error...
can you provide a sample of a generated cert?
選ばれた解決策
Do not worry, we have resolved the issue, it was related to the windows server 2016 default settings for the CA, it was selected the RSASSA-PSS algorithm for signing we have reconfigured it to use sha256RSA and now it working fine.
thank you for your support Riccardo