This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Windows Certificate Authority

  • 1 reply
  • 1 has this problem
  • 22 views
  • Last reply by guigs

more options

My company has a Windows internal certificate authority (2012R2) I am trying to find documentation on what settings are needed to generate certificates compliant for use with Firefox.

Certificates created using this internal CA get the below error when using Firefox, although IE and Chrome do not. Hopefully, there is some documentation on what is needed to generate SSL certificate compliant with Firefox standards.

SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED The certificate was signed using a signature algorithm that is disabled because it is not secure.

My company has a Windows internal certificate authority (2012R2) I am trying to find documentation on what settings are needed to generate certificates compliant for use with Firefox. Certificates created using this internal CA get the below error when using Firefox, although IE and Chrome do not. Hopefully, there is some documentation on what is needed to generate SSL certificate compliant with Firefox standards. SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED The certificate was signed using a signature algorithm that is disabled because it is not secure.

All Replies (1)

more options

Can you use a different algorithm to sign your self-signed certificate?

This is the certificate root store policy for reference https://www.mozilla.org/en-US/about/g.../#maintenance

I would read almost all of it, but it looks like that error is running into this section -> 5.1 Algorithms

If I can't help solve this certificates@mozilla.org might. :-)

Modified by guigs