Hi
> > I am not sure that this related, be we were having issues after > > updating from 1.8.0_31 to 1.8.0_72 with certificates signed by > > root-cas that have a md5 signature. While the CA signature in the CA > > certificate does not provide any security, a bug in the jre rejected > > the certificate even though the certificate itself was signed with > > sha1. Maybe this is related. > > Do you mean rejecting SHA-1 signatures instead of SHA-256? > MD5 hasn't been used for certificate signatures for quite a few years. No, I mean MD5. A customer of ours had a CA that was created using MD5 in the Root Certificate in 2004. (Customers setup, not ours.) But the server certificate was correctly signed using SHA1. Still java rejected the certificate, because of the weak (but irrelevant) signature of the CA certificate. Regards, Steffen
smime.p7s
Description: S/MIME cryptographic signature
