#45 XCA makes invalid certs

closed-fixed
nobody
None
5
2009-03-02
2007-07-10
Wolf Windshadow
No

When creating a CA cert the end result comes up as not being a valid cert when checked by windows or linux, but lists as valid in XCA.

Discussion

  • Flow86
    2007-07-10

    Logged In: YES
    user_id=1262220
    Originator: NO

    Same problem here - always "bad signature found in certificate" - that's really annoying.

     
  • Logged In: YES
    user_id=609294
    Originator: NO

    Try the hash-algo SHA1. This can be set as default for all signing operations by the options dialog.
    The current default SHA256 isn't understood by openssl 0.9.7 and W2K, WXP.
    If the problem remains with SHA1, please attach a sample cert.

     
  • Craig McQueen
    2008-07-22

    Logged In: YES
    user_id=1579704
    Originator: NO

    I had the same issue with Firefox 3. It looks as though SHA256 isn't a good default. Could SHA1 be made the default?

     
  • Mark Foster
    2008-09-05

    Logged In: YES
    user_id=847215
    Originator: NO

    Just got bit by this.
    Used SHA256 (the default) and am unable to use openldap ldapsearch either starttls or vanilla ldaps:// because the certificate verification fails:
    ldap_start_tls: Connect error (-11)
    additional info: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm

    Looking at the collection of common CAs as found in /etc/ssl/certs on my ubuntu hardy system, virtually all of them use Signature Algorithm: sha1WithRSAEncryption

    I'll submit a patch to "fix" the default.

     
  • Assume SHA256 incompatibilities as source of this Bug.

    Changed the default back to SHA1 to avoid bugs like this

     
    • status: open --> closed
     
    • status: closed --> closed-fixed
     
  • fixed with commit 1a47ce9c22cde97476aa5fe170119579cae4a584