Wehave installed a new CA and now I get this error with the newly released certificates "SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED"
we have upgraded our internal CA to sign CSR with SHA512 hashing and are using firefox quantum 60.4.0esr
can someone help me? Riccardo
Bewurke troch riccardo.perni op
Keazen oplossing
Do not worry, we have resolved the issue, it was related to the windows server 2016 default settings for the CA, it was selected the RSASSA-PSS algorithm for signing we have reconfigured it to use sha256RSA and now it working fine.
thank you for your support Riccardo
Dit antwurd yn kontekst lêze 👍 0Alle antwurden (4)
hi, https://wiki.mozilla.org/index.php?title=SecurityEngineering/x509Certs suggests resigning the cert with a modern algorithm.
Thank you for your help, but I do not think the algorithm used in signing is too old, I have done all this operation exactly because I got (with the old CA) the same error from Chrome (and Firefox did not complain), now with the new CA chrome (and explorer 11) accept the new certificate and Firefox start showing this error...
can you provide a sample of a generated cert?
Keazen oplossing
Do not worry, we have resolved the issue, it was related to the windows server 2016 default settings for the CA, it was selected the RSASSA-PSS algorithm for signing we have reconfigured it to use sha256RSA and now it working fine.
thank you for your support Riccardo