RE: Signature Algorithm that was disabled because that algorithm is not secure

2013-11-12 Thread Paul Suhler
Two weeks ago Viktor Dukhovni wrote:
> Actually, SHA-2 SHOULD NOT (yet) be used for signing certificates.
>
> Many TLSv1 clients don't support SHA-2 and servers must present
> SHA-1 certificates except when TLSv1.2 clients indicate SHA-2 support.
> Fielding multiple certificates with different
> signature algorithms is too complex.

Good point.  Microsoft isn't rushing to drop recognition of SHA-1 signatures:

http://arstechnica.com/security/2013/11/hoping-to-avert-collision-with-disaster-microsoft-retires-sha1/

> The company's software will stop recognizing the validity of digital
> certificates that use the SHA1 cryptographic algorithm after 2016 ...

Thanks,

Paul

--
The information contained in this transmission may be confidential. Any 
disclosure, copying, or further distribution of confidential information is not 
permitted unless such privilege is explicitly granted in writing by Quantum. 
Quantum reserves the right to have electronic communications, including email 
and attachments, sent across its networks filtered through anti virus and spam 
software programs and retain such messages in order to comply with applicable 
data security and retention requirements. Quantum is not responsible for the 
proper and complete transmission of the substance of this communication or for 
any delay in its receipt.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: Signature Algorithm that was disabled because that algorithm is not secure

2013-11-04 Thread Marcus Schmitt
Hello,

there is one piece of information I forgot to mention in my previous mails; maybe this
is the reason for the problem.

I created the root-CA, Intermediate-CA and the servercert on my MAC (10.8), 
afterwards I imported the file to my FreeBSD 9.

When I try to create all the CA and certs on my FreeBSD directly I receive the 
following error:

===
openssl req -new -x509 -nodes -days 3650 -key private/cakey.pem -out certs/cacert.pem -config openssl.cnf

Error Loading request extension section v3_req
11827:error:22071071:X509 V3 routines:string_to_hex:illegal hex digit:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509v3/v3_utl.c:441:
11827:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509v3/v3_conf.c:93:name=subjectKeyIdentifier, value=hasH
===

Could the issue be caused by the MAC ?
What might be the reason for this issue ?


  Best Regards Marcus



RE: Signature Algorithm that was disabled because that algorithm is not secure

2013-11-04 Thread Dave Thompson
> From: owner-openssl-users On Behalf Of Marcus Schmitt
> Sent: Monday, November 04, 2013 10:31
>
> I created the root-CA, Intermediate-CA and the servercert on my MAC
> (10.8), afterwards I imported the file to my FreeBSD 9.
>
> When I try to create all the CA and certs on my FreeBSD directly I receive the
> following error:
>
> ===
> openssl req -new -x509 -nodes -days 3650 -key private/cakey.pem -out certs/cacert.pem -config openssl.cnf
>
> Error Loading request extension section v3_req
> 11827:error:22071071:X509 V3 routines:string_to_hex:illegal hex digit:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509v3/v3_utl.c:441:
> 11827:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509v3/v3_conf.c:93:name=subjectKeyIdentifier, value=hasH
> ===
>
> Could the issue be caused by the MAC ?
> What might be the reason for this issue ?
 
Look carefully at the error message; you have subjectKeyIdentifier=hasH 
with an uppercase H when it should be lowercase.

Did you import the openssl.cnf file and if so how? ftp, rcp, scp, smb,
USB, etc?
Or did you retype it? If you retype, some things including this must be
exact.

Mac OSX (and earlier) *filenames* are (at least usually) case-insensitive,
but AFAIK no Macs ever ignored case for entering or changing text *in* a
file. 





Re: Signature Algorithm that was disabled because that algorithm is not secure

2013-10-30 Thread Walter H.

Hello,

On 30.10.2013 18:17, Marcus Schmitt wrote:

> I have one problem after I created a root-CA, intermediate-CA and a server
> certificate. After I configured my apache with the server cert, key and
> intermediate cert and importing the root-CA to firefox 24 I received the
> following error when I browse to the website:
>
> Could not verify this certificate because it was signed using a signature
> algorithm that was disabled because that algorithm is not secure
>
> I assume the reason for this error message is that I see Certificate Signature Algorithm is
> PKCS #1 MD5 With RSA Encryption for the Intermediate Certificate and Server Certificate. For the
> root-CA I see PKCS #1 SHA With RSA Encryption.
>
> Unfortunately I was not able to find the reason for this issue, please find the
> lines I use below:

The problem is not in one of these lines, it is in the config file
openssl.cnf

> openssl genrsa -des3 -out private/cakey.pem 2048 -config ./openssl.cnf
> openssl req -new -x509 -nodes -days 3650 -key private/cakey.pem -out certs/cacert.pem -config openssl.cnf
>
> openssl genrsa -des3 -out private/cakey.pem 2048 -config ./openssl.cnf
> openssl req -new -sha1 -key private/cakey.pem -out csr/ica.csr -config ./openssl.cnf
> openssl ca -config ./openssl.cnf -days 1825 -md sha1 -in ica.csr -out ica.crt -extensions v3_ca
>
> openssl genrsa -des3 -out server.key 2048 -config ./openssl.cnf
> openssl req -new -sha1 -key private/server.key -out csr/server.csr -config ./openssl.cnf
> openssl ca -config ./openssl.cnf -days 730 -md sha1 -in server.csr -out server.crt


look if you find there something similar to

default_md = md5

change this to

default_md = sha1

and generate your certificates the same way as above

Greetings,
Walter
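
[Added example, not part of the original thread and not OpenSSL project code.] A small Python check for the openssl.cnf mistakes discussed in this thread: a weak default_md, a subjectKeyIdentifier value other than the exact lowercase keyword "hash", and wrapped lines that are no longer "name = value". The function name, the weak-digest list and the sample config are assumptions constructed for illustration.

```python
import re

# Assumption of this example: digests treated as too weak for new signatures.
WEAK_DIGESTS = {"md2", "md4", "md5"}
# subjectKeyIdentifier takes the case-sensitive keyword "hash"; any other value
# is parsed as a hex string, which is why "hasH" fails with "illegal hex digit".
HEX_STRING = re.compile(r"^[0-9A-Fa-f]{2}(:?[0-9A-Fa-f]{2})*$")


def lint_openssl_cnf(text):
    """Return a list of (line_number, section, message) findings."""
    findings = []
    section = "default"
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            section = header.group(1)
            continue
        if "=" not in line:
            # e.g. the tail of a comment that a mail client wrapped onto a new line
            findings.append((lineno, section, "not a name = value line: %r" % line))
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if name == "default_md" and value.lower() in WEAK_DIGESTS:
            findings.append((lineno, section, "weak default_md: %s" % value))
        elif name == "subjectKeyIdentifier":
            if value != "hash" and not HEX_STRING.match(value):
                findings.append((lineno, section,
                                 "subjectKeyIdentifier must be 'hash' or hex, got %r" % value))
    return findings


# Constructed sample reproducing the mistakes discussed in the thread.
SAMPLE_CNF = """\
[ CA_default ]
default_md              = md5
[ req ]
default_md              = sha1      # message
digest algorithm
req_extensions          = v3_req
[ v3_req ]
basicConstraints        = CA:FALSE
subjectKeyIdentifier    = hasH
"""

if __name__ == "__main__":
    for lineno, section, message in lint_openssl_cnf(SAMPLE_CNF):
        print("line %d [%s]: %s" % (lineno, section, message))
```
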


Re: Signature Algorithm that was disabled because that algorithm is not secure

2013-10-30 Thread Marcus Schmitt
Hello Walter,

the problem is that the openssl.cnf file already includes this line:

This is my file:

===
# OpenSSL configuration file.
#
 
# Establish working directory.
 
dir = .
 
[ ca ]
default_ca  = CA_default
 
[ CA_default ]
serial  = $dir/serial
database= $dir/certindex.txt
new_certs_dir   = $dir/certs
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_days= 365
default_md  = sha1
preserve= no
email_in_dn = no
nameopt = default_ca
certopt = default_ca
policy  = policy_match
 
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName= match
organizationalUnitName  = optional
commonName  = supplied
emailAddress= optional
 
[ req ]
default_bits= 2048  # Size of keys
default_keyfile = key.pem   # name of generated keys
default_md  = sha1  # message digest algorithm
string_mask = nombstr   # permitted characters
distinguished_name  = req_distinguished_name
req_extensions  = v3_req
 
[ req_distinguished_name ]
# Variable name Prompt string
#---
0.organizationName  = Organization Name (company)
organizationalUnitName  = Organizational Unit Name (department, division)
emailAddress= Email Address
emailAddress_max= 40
localityName= Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName  = Common Name (hostname, IP, or your name)
commonName_max  = 64
 
[ v3_ca ]
basicConstraints= CA:TRUE
subjectKeyIdentifier= hash
authorityKeyIdentifier  = issuer:always
 
[ v3_req ]
basicConstraints= CA:FALSE
subjectKeyIdentifier= hash
===

Or is there anything wrong with this file ?


   Best Regards Marcus




RE: Signature Algorithm that was disabled because that algorithm is not secure

2013-10-30 Thread Paul Suhler
Note that SHA-1 is being deprecated by NIST for generating new signatures.  You 
may want to consider a SHA-2 algorithm (e.g., SHA-224 or SHA-256).  In 
principle it's still okay to *validate* legacy signatures, e.g., SHA-1.



Re: Signature Algorithm that was disabled because that algorithm is not secure

2013-10-30 Thread Walter H.

Hello Marcus

On 30.10.2013 19:26, Marcus Schmitt wrote:

> nameopt = default_ca
> certopt = default_ca

what should these lines mean in your openssl.cnf?

can you do the following with each of your generated certificates:

openssl x509 -text -noout -in cert.pem > cert.text

there you should see the mistake in the generated output cert.text

Greetings,
Walter


Re: Signature Algorithm that was disabled because that algorithm is not secure

2013-10-30 Thread Viktor Dukhovni
On Wed, Oct 30, 2013 at 06:13:51PM +, Paul Suhler wrote:

> Note that SHA-1 is being deprecated by NIST for generating new
> signatures.  You may want to consider a SHA-2 algorithm (e.g.,
> SHA-224 or SHA-256).  In principle it's still okay to *validate*
> legacy signatures, e.g., SHA-1.

Actually, SHA-2 SHOULD NOT (yet) be used for signing certificates.

Many TLSv1 clients don't support SHA-2 and servers must present
SHA-1 certificates except when TLSv1.2 clients indicate SHA-2
support.  Fielding multiple certificates with different signature
algorithms is too complex.

-- 
Viktor.