RE: Signature Algorithm that was disabled because that algorithm is not secure

2013-11-12 Thread Paul Suhler
Two weeks ago Viktor Dukhovni wrote: > Actually, SHA-2 SHOULD NOT (yet) be used for signing certificates. > > Many TLSv1 clients don't support SHA-2 and servers must present > SHA-1 certificates except when TLSv1.2 clients indicate SHA-2 support. > Fielding multiple certificates with different >

RE: Signature Algorithm that was disabled because that algorithm is not secure

2013-11-04 Thread Dave Thompson
> From: owner-openssl-users On Behalf Of Marcus Schmitt > Sent: Monday, November 04, 2013 10:31 > I created the root-CA, Intermediate-CA and the servercert on my MAC > (10.8), afterwards I imported the file to my FreeBSD 9. > > When I try to create all the CA and certs on my FreeBSD directly I re

Re: Signature Algorithm that was disabled because that algorithm is not secure

2013-11-04 Thread Marcus Schmitt
Hello, there is one piece of information I forgot to mention in my previous mails, maybe this is the reason for the problem. I created the root-CA, Intermediate-CA and the servercert on my MAC (10.8), afterwards I imported the file to my FreeBSD 9. When I try to create all the CA and certs on my FreeBS

Re: Signature Algorithm that was disabled because that algorithm is not secure

2013-10-30 Thread Viktor Dukhovni
On Wed, Oct 30, 2013 at 06:13:51PM +, Paul Suhler wrote: > Note that SHA-1 is being deprecated by NIST for generating new > signatures. You may want to consider a SHA-2 algorithm (e.g., > SHA-224 or SHA-256). In principle it's still okay to *validate* > legacy signatures, e.g., SHA-1. Actua

Re: Signature Algorithm that was disabled because that algorithm is not secure

2013-10-30 Thread Walter H.
Hello Marcus On 30.10.2013 19:26, Marcus Schmitt wrote: nameopt = default_ca certopt = default_ca what should these lines mean in your openssl.cnf? can you do the following with each of your generated certificates: openssl x509

RE: Signature Algorithm that was disabled because that algorithm is not secure

2013-10-30 Thread Paul Suhler
l.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Walter H. Sent: Wednesday, October 30, 2013 11:05 To: openssl-users@openssl.org Subject: Re: Signature Algorithm that was disabled because that algorithm is not secure Hello, On 30.10.2013 18:17, Marcus Schmitt wrote: > I have one problem

Re: Signature Algorithm that was disabled because that algorithm is not secure

2013-10-30 Thread Marcus Schmitt
Hello Walter, the problem is that the openssl.cnf file already includes this line: This is my file: === # OpenSSL configuration file. # # Establish working directory. dir = . [ ca ] default_ca = CA_default [ CA_default ] ser

Re: Signature Algorithm that was disabled because that algorithm is not secure

2013-10-30 Thread Walter H.
Hello, On 30.10.2013 18:17, Marcus Schmitt wrote: I have one problem after I created a root-CA, intermediate-CA and a server certificate. After I configured my apache with the server cert, key and intermediate cert and importing the root-CA to firefox 24 I received the following error when I

Signature Algorithm that was disabled because that algorithm is not secure

2013-10-30 Thread Marcus Schmitt
Hello, I have one problem after I created a root-CA, intermediate-CA and a server certificate. After I configured my apache with the server cert, key and intermediate cert and importing the root-CA to firefox 24 I received the following error when I browse to the website: Could not verify this