Closed
Bug 1048281
Opened 10 years ago
Closed 10 years ago
sec_error_cert_signature_algorithm_disabled with sha512WithRSAEncryption in FF33.02a
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: danielkr, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 (Beta/Release) Build ID: 20140804004002 Steps to reproduce: Hi folks, upgrading to Firefox 33.02a, my CACert.org-signed certificates do not work and only show the sec_error_cert_signature_algorithm_disabled-errorpage. Even when using the 'add exepction'-field, I cannot access the website. Actual results: Using this (newly generated) certificate: openssl x509 -text -in my.pem Certificate: Data: Version: 3 (0x2) Serial Number: ... Signature Algorithm: sha512WithRSAEncryption Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org Validity Not Before: Aug 4 11:46:24 2014 GMT Not After : Aug 3 11:46:24 2016 GMT Subject: CN=... Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) .... X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication, Netscape Server Gated Crypto, Microsoft Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org/ X509v3 CRL Distribution Points: Full Name: URI:http://crl.cacert.org/revoke.crl X509v3 Subject Alternative Name: ... Signature Algorithm: sha512WithRSAEncryption ... I only get the sec_error_cert_signature_algorithm_disabled-errorpage. My last certificate was only 3 months old but showed the same results. Expected results: I expected the webpage to load. Or any information about what specific algorithm is the problem here. Or the 'add to exceptions'-functionality to work so I can access my website. I'd be happy to help with further information if possible. Regards, daniel
Could you paste the URL of your website if it's public.
Component: Untriaged → Security: PSM
Flags: needinfo?(danielkr)
Product: Firefox → Core
Unfortunately, the URL is not public. However, I created a new profile and the problem disappeared. The certificate is now longer marked as 'disabled signing algorithm' in the detailed view. I then tried some files from the old profile and it seems the certificate.db or the other databases/stores were corrupt - for whatever reason after the upgrade... So I found a solution for my problem but cannot say if it was caused by corrupted files or some Firefox internals.
Flags: needinfo?(danielkr)
Ty for the feedback.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•