Just wanted to provide an update as I was able to identify the root cause for
this error. The issue was related to the users/groups on the new Solaris server
not being set up correctly. Basically the user running apache didn't have
permission to where the ca was stored. Once we added the apache
I'm sure Steve may be able to answer more succinctly, but generally...
That [Signature Algorithm: sha1WithRSAEncryption] is the signature on the X.509
certificate - nothing to do with TLS at this point. When the certificate is
'sealed', it is done so with a signature - in this case RSA combined
On Fri, Jul 26, 2013, Perrow, Graeme wrote:
> If I do "openssl x509 -in mycert.crt -text" I see "Signature Algorithm:
> sha1WithRSAEncryption". There's no mention of MD5 here but since OpenSSL is
> attempting to load it, I assume it's using the MD5-SHA1 combination. If that
> *is* permitted, why a
If I do "openssl x509 -in mycert.crt -text" I see "Signature Algorithm:
sha1WithRSAEncryption". There's no mention of MD5 here but since OpenSSL is
attempting to load it, I assume it's using the MD5-SHA1 combination. If that
*is* permitted, why am I getting the "disabled for FIPS" error?
Graeme
On Fri, Jul 26, 2013, Carl Young wrote:
> As far as I remember, the use of MD5 is only allowed in TLS 1 for the
> specific use within the PRF for key generation as the __combination__ of
> SHA-1 and MD5 is not considered weak usage. Use of MD5 elsewhere is still
> disallowed.
>
It is also permit
As far as I remember, the use of MD5 is only allowed in TLS 1 for the specific
use within the PRF for key generation as the __combination__ of SHA-1 and MD5
is not considered weak usage. Use of MD5 elsewhere is still disallowed.
Carl
From: owner-openssl-u
On 25 July 2013 19:08, Dr. Stephen Henson wrote:
> On Thu, Jul 25, 2013, Marios Makassikis wrote:
>
>> On 26 June 2013 18:44, Viktor Dukhovni wrote:
>> > On Wed, Jun 26, 2013 at 05:29:52PM +0200, Marios Makassikis wrote:
>> >
>> >> >> By enabling debug information in the program, I was able to ob
