X
Нажмите здесь, чтобы перейти на мобильную версию сайта.

Форум поддержки

Wehave installed a new CA and now I get this error with the newly released certificates "SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED"

Размещено

we have upgraded our internal CA to sign CSR with SHA512 hashing and are using firefox quantum 60.4.0esr

can someone help me? Riccardo

we have upgraded our internal CA to sign CSR with SHA512 hashing and are using firefox quantum 60.4.0esr can someone help me? Riccardo

Изменено riccardo.perni

Выбранное решение

Do not worry, we have resolved the issue, it was related to the windows server 2016 default settings for the CA, it was selected the RSASSA-PSS algorithm for signing we have reconfigured it to use sha256RSA and now it working fine.

thank you for your support Riccardo

Прочитайте этот ответ в контексте 0
Цитата

Дополнительные сведения о системе

Приложение

  • User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0

Дополнительная информация

philipp
  • Top 25 Contributor
  • Moderator
5320 решений 23501 ответов
Размещено

hi, https://wiki.mozilla.org/index.php?title=SecurityEngineering/x509Certs suggests resigning the cert with a modern algorithm.

hi, https://wiki.mozilla.org/index.php?title=SecurityEngineering/x509Certs suggests resigning the cert with a modern algorithm.
Помогла ли вам это?
Цитата

Задавший вопрос

Thank you for your help, but I do not think the algorithm used in signing is too old, I have done all this operation exactly because I got (with the old CA) the same error from Chrome (and Firefox did not complain), now with the new CA chrome (and explorer 11) accept the new certificate and Firefox start showing this error...

Thank you for your help, but I do not think the algorithm used in signing is too old, I have done all this operation exactly because I got (with the old CA) the same error from Chrome (and Firefox did not complain), now with the new CA chrome (and explorer 11) accept the new certificate and Firefox start showing this error...
Помогла ли вам это?
Цитата
philipp
  • Top 25 Contributor
  • Moderator
5320 решений 23501 ответов
Размещено

can you provide a sample of a generated cert?

can you provide a sample of a generated cert?
Помогла ли вам это?
Цитата

Выбранное решение

Do not worry, we have resolved the issue, it was related to the windows server 2016 default settings for the CA, it was selected the RSASSA-PSS algorithm for signing we have reconfigured it to use sha256RSA and now it working fine.

thank you for your support Riccardo

Do not worry, we have resolved the issue, it was related to the windows server 2016 default settings for the CA, it was selected the RSASSA-PSS algorithm for signing we have reconfigured it to use sha256RSA and now it working fine. thank you for your support Riccardo
Помогла ли вам это?
Цитата
Задать вопрос

Для ответа на сообщения вы должны войти в свою учётную запись. Пожалуйста, задайте новый вопрос, если у вас ещё нет учётной записи.