Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Èròjà atẹ̀lélànà yii ni a ti fi pamọ́ fọ́jọ́ pípẹ́. Jọ̀wọ́ béèrè ìbéèrè titun bí o bá nílò ìrànwọ́.

Wehave installed a new CA and now I get this error with the newly released certificates "SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED"

  • 4 àwọn èsì
  • 1 ní ìṣòro yìí
  • 42 views
  • Èsì tí ó kẹ́hìn lọ́wọ́ riccardo.perni

more options

we have upgraded our internal CA to sign CSR with SHA512 hashing and are using firefox quantum 60.4.0esr

can someone help me? Riccardo

we have upgraded our internal CA to sign CSR with SHA512 hashing and are using firefox quantum 60.4.0esr can someone help me? Riccardo

Ti ṣàtúnṣe nípa riccardo.perni

Ọ̀nà àbáyọ tí a yàn

Do not worry, we have resolved the issue, it was related to the windows server 2016 default settings for the CA, it was selected the RSASSA-PSS algorithm for signing we have reconfigured it to use sha256RSA and now it working fine.

thank you for your support Riccardo

Ka ìdáhùn ni ìṣètò kíkà 👍 0

All Replies (4)

more options

hi, https://wiki.mozilla.org/index.php?title=SecurityEngineering/x509Certs suggests resigning the cert with a modern algorithm.

more options

Thank you for your help, but I do not think the algorithm used in signing is too old, I have done all this operation exactly because I got (with the old CA) the same error from Chrome (and Firefox did not complain), now with the new CA chrome (and explorer 11) accept the new certificate and Firefox start showing this error...

more options

can you provide a sample of a generated cert?

more options

Ọ̀nà àbáyọ Tí a Yàn

Do not worry, we have resolved the issue, it was related to the windows server 2016 default settings for the CA, it was selected the RSASSA-PSS algorithm for signing we have reconfigured it to use sha256RSA and now it working fine.

thank you for your support Riccardo