self-signed certificate gives "sec_error_bad_signature"
Hello,
I've created a self-signed certificate as follow : openssl genrsa -des3 -out my-ca.key 2048 openssl req -new -x509 -days 3650 -key my-ca.key -out my-ca.crt openssl genrsa -des3 -out myssl-server.key 1024 openssl x509 -req -in myssl-server.csr -out myssl-server.crt -sha1 -CA my-ca.crt -CAkey my-ca.key -CAcreateserial -days 3650 cp my-ca.crt /etc/pki/tls/certs/my-ca.crt cp my-ca.key /etc/pki/tls/private/ca.key cp myssl-server.csr /etc/pki/tls/private/myssl-server.csr cp myssl-server.key /etc/pki/tls/private/myssl-server.key cp myssl-server.crt /etc/pki/tls/certs/myssl-server.crt mkdir /var/www/vhosts/myssl-server.domain.tld/httpsdocs vi /etc/httpd/conf/httpd.conf Include myssl-server.conf vi myssl-server.conf <VirtualHost *:443> SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite HIGH:MEDIUM SSLCertificateFile /etc/pki/tls/certs/myssl-server.crt SSLCertificateKeyFile /etc/pki/tls/private/myssl-server.key SSLCertificateChainFile /etc/pki/tls/certs/my-ca.crt SSLCACertificateFile /etc/pki/tls/certs/my-ca.crt <Directory /var/www/vhosts/myssl-server.domain.tld/httpsdocs> AllowOverride All </Directory> DocumentRoot /var/www/vhosts/myssl-server.domain.tld/httpsdocs ServerName myssl-server.domain.tld </VirtualHost> After having created the server certificates, I'm getting the following in my Firefox browser : Peer's certificate has an invalid signature. (Error code: sec_error_bad_signature) What am I missing here ? |
10 seconds on Google says this is just firefox not knowing the CA - http://www.roachy.net/tag/error-code...bad_signature/
Note that you've NOT got a self-signed cert, you've got a cert signed by a private CA. The difference can be very important. |
It was not the problem with firefox not knowing the certificate. Normally it should ask to add the unknown certificate.
I have rebuild my own CA, my key and my certificate and then it works fine ! Don't know what exactly went wrong. Thanks for your reply. |
All times are GMT -5. The time now is 01:43 PM. |