LinuxQuestions.org


jonaskellens 12-18-2012 03:46 AM

self-signed certificate gives "sec_error_bad_signature"
 
Hello,

I've created a self-signed certificate as follows:

openssl genrsa -des3 -out my-ca.key 2048

openssl req -new -x509 -days 3650 -key my-ca.key -out my-ca.crt

openssl genrsa -des3 -out myssl-server.key 1024

openssl x509 -req -in myssl-server.csr -out myssl-server.crt -sha1 -CA my-ca.crt -CAkey my-ca.key -CAcreateserial -days 3650

cp my-ca.crt /etc/pki/tls/certs/my-ca.crt
cp my-ca.key /etc/pki/tls/private/ca.key
cp myssl-server.csr /etc/pki/tls/private/myssl-server.csr
cp myssl-server.key /etc/pki/tls/private/myssl-server.key
cp myssl-server.crt /etc/pki/tls/certs/myssl-server.crt


mkdir /var/www/vhosts/myssl-server.domain.tld/httpsdocs

vi /etc/httpd/conf/httpd.conf
Include myssl-server.conf

vi myssl-server.conf

<VirtualHost *:443>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile /etc/pki/tls/certs/myssl-server.crt
SSLCertificateKeyFile /etc/pki/tls/private/myssl-server.key
SSLCertificateChainFile /etc/pki/tls/certs/my-ca.crt
SSLCACertificateFile /etc/pki/tls/certs/my-ca.crt
<Directory /var/www/vhosts/myssl-server.domain.tld/httpsdocs>
AllowOverride All
</Directory>
DocumentRoot /var/www/vhosts/myssl-server.domain.tld/httpsdocs
ServerName myssl-server.domain.tld
</VirtualHost>


After having created the server certificates, I'm getting the following in my Firefox browser:

Peer's certificate has an invalid signature.
(Error code: sec_error_bad_signature)

What am I missing here?

acid_kewpie 12-19-2012 03:33 AM

10 seconds on Google says this is just Firefox not knowing the CA - http://www.roachy.net/tag/error-code...bad_signature/

Note that you've NOT got a self-signed cert, you've got a cert signed by a private CA. The difference can be very important.

jonaskellens 12-20-2012 01:55 AM

It was not the problem with Firefox not knowing the certificate. Normally it should ask to add the unknown certificate.

I have rebuilt my own CA, my key and my certificate and then it works fine!

Don't know what exactly went wrong.

Thanks for your reply.
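
One way to narrow down a bad-signature error like the one in this thread, as an added example that is not from any of the posters: it checks the server certificate against the CA file, the private key against the certificate, and the issuer/subject names. The function names and the throwaway demo PKI (CN values, one-day lifetime, unencrypted keys) are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic example; all function names here are hypothetical.
# Usage with the thread's files:
#   check_server_cert my-ca.crt myssl-server.crt myssl-server.key

# Print one name field of a certificate (-subject or -issuer) without its label.
cert_field() { openssl x509 -in "$1" -noout "$2" | sed 's/^[a-z]*= *//'; }
# SHA-256 of the public key stored in a certificate / derived from a private key.
cert_pubkey_hash() { openssl x509 -in "$1" -noout -pubkey | openssl sha256 | awk '{print $NF}'; }
key_pubkey_hash()  { openssl pkey -in "$1" -pubout | openssl sha256 | awk '{print $NF}'; }

# Returns 0 when every check passes; prints one FAIL line per finding.
check_server_cert() {
    ca=$1 crt=$2 key=$3 rc=0
    # 1. The CA file must validate the signature on the server certificate.
    #    Match the OK line instead of relying on the exit status.
    if ! openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: $crt does not verify against $ca"; rc=1
    fi
    # 2. The key the web server loads must belong to the certificate it serves.
    if [ "$(cert_pubkey_hash "$crt")" != "$(key_pubkey_hash "$key")" ]; then
        echo "FAIL: $key is not the key for $crt"; rc=1
    fi
    # 3. The issuer named in the server certificate must be the CA's subject.
    if [ "$(cert_field "$crt" -issuer)" != "$(cert_field "$ca" -subject)" ]; then
        echo "FAIL: issuer of $crt is not the subject of $ca"; rc=1
    fi
    # 4. A server certificate named exactly like its CA is self-issued
    #    (subject equals issuer), which is worth ruling out.
    if [ "$(cert_field "$crt" -subject)" = "$(cert_field "$ca" -subject)" ]; then
        echo "FAIL: $crt and $ca have the same subject name"; rc=1
    fi
    return $rc
}

# Build a constructed, throwaway CA and server certificate in directory $1.
make_demo_pki() {
    d=$1
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -days 1 -key "$d/ca.key" \
        -subj "/CN=Demo CA" -out "$d/ca.crt" 2>/dev/null
    openssl genrsa -out "$d/srv.key" 2048 2>/dev/null
    openssl req -new -key "$d/srv.key" \
        -subj "/CN=myssl-server.domain.tld" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.crt" 2>/dev/null
}
```

With passphrase-protected keys such as the `-des3` ones above, `openssl pkey` prompts for the passphrase during check 2.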


All times are GMT -5.