Wehave installed a new CA and now I get this error with the newly released certificates "SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED"
we have upgraded our internal CA to sign CSR with SHA512 hashing and are using firefox quantum 60.4.0esr
can someone help me? Riccardo
Modificato da riccardo.perni il
Soluzione scelta
Do not worry, we have resolved the issue, it was related to the windows server 2016 default settings for the CA, it was selected the RSASSA-PSS algorithm for signing we have reconfigured it to use sha256RSA and now it working fine.
thank you for your support Riccardo
Leggere questa risposta nel contesto 👍 0Tutte le risposte (4)
hi, https://wiki.mozilla.org/index.php?title=SecurityEngineering/x509Certs suggests resigning the cert with a modern algorithm.
Thank you for your help, but I do not think the algorithm used in signing is too old, I have done all this operation exactly because I got (with the old CA) the same error from Chrome (and Firefox did not complain), now with the new CA chrome (and explorer 11) accept the new certificate and Firefox start showing this error...
can you provide a sample of a generated cert?
Soluzione scelta
Do not worry, we have resolved the issue, it was related to the windows server 2016 default settings for the CA, it was selected the RSASSA-PSS algorithm for signing we have reconfigured it to use sha256RSA and now it working fine.
thank you for your support Riccardo