Hello, I have one problem after I created a root-CA, intermediate-CA and a server certificate. After I configured my apache with the server cert, key and intermediate cert and importing the root-CA to firefox 24 I received the following error when I browse to the website:
Could not verify this certificate because it was signed using a signature algoritm that was disabled because that algorithm is not secure I assume the reason for this error message is that I see "Certificate Signatore Algorithm" is "PKCS #1 MD5 With RSA Encryption" for the Intermediate Certificate and Server Certificate. For the root-CA I see "PKCS #1 SHA With RSA Encryption". Unfortunately I was not able to find the reason for this issue, please find the lines I use below: openssl genrsa -des3 -out private/cakey.pem 2048 -config ./openssl.cnf openssl req -new -x509 -nodes -days 3650 -key private/cakey.pem -out certs/cacert.pem -config openssl.cnf openssl genrsa -des3 -out private/cakey.pem 2048 -config ./openssl.cnf openssl req -new -sha1 -key private/cakey.pem -out csr/ica.csr -config ./openssl.cnf openssl ca -config ./openssl.cnf -days 1825 -md sha1 -in ica.csr -out ica.crt -extensions v3_ca openssl genrsa -des3 -out server.key 2048 -config ./openssl.cnf openssl req -new -sha1 -key private/server.key -out csr/server.csr -config ./openssl.cnf openssl ca -config ./openssl.cnf -days 730 -md sha1 -in server.csr -out server.crt Please ignore that it looks like as I overright the files because the files are in different folders. I would be really happy if someone could help me. Best Regards Marcus______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
