Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: Stefano on January 22, 2010, 12:38:29 PM

Title: Custom CA certificate and SHA1
Post by: Stefano on January 22, 2010, 12:38:29 PM

Hi all..

following this (http://wiki.contribs.org/Custom_CA_Certificate) howto, I'm trying to get a cert from www.startssl.com (http://www.startssl.com), but, when I paste the csr file, I got:

Quote

MD5 Signature Algorithm Detected
 
Error   

    * Your certificate request was created with a potentially weak signature algorithm.
    * For more information please see this FAQ item.
    * Please change the signature algorithm to SHA1 or better, create a new CSR and try it again!

FAQ item tells me only that MD5 algorithm is weak..
How do I get a SHA1 signed csr?

TIA

Title: Re: Custom CA certificate and SHA1
Post by: johnp on January 23, 2010, 01:26:22 AM

I don't know if just changing the default_md to sha1 in the openssl.cnf file would work, but you could do a quick test. I think its located in /usr/share/ssl

Title: Re: Custom CA certificate and SHA1
Post by: Stefano on January 23, 2010, 01:47:30 AM

thank you, you give me the right hint :-)

I will update wiki's page asap

Title: Re: Custom CA certificate and SHA1
Post by: johnp on January 23, 2010, 02:21:12 AM

Glad to be able to help  :D