Closed Bug 1048281 Opened 10 years ago Closed 10 years ago

sec_error_cert_signature_algorithm_disabled with sha512WithRSAEncryption in FF33.02a

Categories

(Core :: Security: PSM, defect)

33 Branch
x86_64
Windows 7
defect
Not set
normal

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: danielkr, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 (Beta/Release)
Build ID: 20140804004002

Steps to reproduce:

Hi folks,
upgrading to Firefox 33.02a, my CACert.org-signed certificates do not work and only show the sec_error_cert_signature_algorithm_disabled-errorpage.
Even when using the 'add exepction'-field, I cannot access the website.


Actual results:

Using this (newly generated) certificate:
openssl x509 -text -in my.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: ...
    Signature Algorithm: sha512WithRSAEncryption
        Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org
        Validity
            Not Before: Aug  4 11:46:24 2014 GMT
            Not After : Aug  3 11:46:24 2016 GMT
        Subject: CN=...
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                ....
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Key Agreement
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication, Netscape Server Gated Crypto, Microsoft Server Gated Crypto
            Authority Information Access:
                OCSP - URI:http://ocsp.cacert.org/

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.cacert.org/revoke.crl

            X509v3 Subject Alternative Name:
                ...
    Signature Algorithm: sha512WithRSAEncryption
         ...
I only get the sec_error_cert_signature_algorithm_disabled-errorpage.
My last certificate was only 3 months old but showed the same results.


Expected results:

I expected the webpage to load.
Or any information about what specific algorithm is the problem here.
Or the 'add to exceptions'-functionality to work so I can access my website.
I'd be happy to help with further information if possible.
Regards,
daniel
Could you paste the URL of your website if it's public.
Component: Untriaged → Security: PSM
Flags: needinfo?(danielkr)
Product: Firefox → Core
Unfortunately, the URL is not public.
However, I created a new profile and the problem disappeared. The certificate is now longer marked as 'disabled signing algorithm' in the detailed view.
I then tried some files from the old profile and it seems the certificate.db or the other databases/stores were corrupt - for whatever reason after the upgrade...
So I found a solution for my problem but cannot say if it was caused by corrupted files or some Firefox internals.
Flags: needinfo?(danielkr)
Ty for the feedback.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.