UPDATE: I now have reason to believe that they just removed MD5 from known signing algorithms, and that a SHA1 will work. Anyone know anything about this?
Thanks, bwc > On May 25, 2015, at 3:06 PM, Brantley Coile <brantleyco...@me.com> wrote: > > Turns out the CSR wasn’t acceptable because of the MD5 signature. It seems > the that they should be signed as RSA and not MD5. MD5 is not deemed secure > enough. The plan 9 code is signing everything with MD5. Who owns this code? > Has anyone fixed this yet? > >> On May 24, 2015, at 11:10 AM, Skip Tavakkolian <9...@9netics.com> wrote: >> >> going by my notes from the last time i used plan9 tools to generate a >> CSR, the only differences i see are quoting the O attribute to handle >> spaces in organization name and dropping the word "SIGNING" from >> PEM header/footer. >> >>> Thanks all. It goes through sslshopper fine, but the CA still doesn’t like >>> it. I’ll call them tomorrow. Thanks for all the help. >>> >>> bwc >>> >>>> On May 23, 2015, at 1:08 PM, lu...@proxima.alt.za wrote: >>>> >>>>> I then pasted the contents of ‘csr’ into the page and get “This CSR >>>>> has an invalid signature!” >>>> >>>> It's worth playing with openssl to check the output from auth/rsa2csr. >>>> The diagnostics are bound to be a bit less vague. Trying your >>>> instructions, the PEM encoded csr includes the seemingly unwanted word >>>> "SIGNING" in the headers. When I remove it (and a space) openssl req >>>> reports a valid certificate request. >>>> >>>> Lucio. >>>> >>>> >> >> > >
