httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: [users@httpd] Cannot get certificate chain to work.
Date Thu, 09 Oct 2014 18:17:34 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

De,

On 10/7/14 11:27 PM, dE wrote:
> $ openssl x509 -noout -in server.pem -text Certificate: Data: 
> Version: 1 (0x0) Serial Number: 13192573755114198537 
> (0xb7156feedab91609) Signature Algorithm: sha1WithRSAEncryption 
> Issuer: C=AU, ST=Some-State, O=intermediate, CN=intermediate 
> Validity Not Before: Oct  7 08:43:42 2014 GMT Not After : Oct  2 
> 08:43:42 2015 GMT Subject: C=AU, ST=Some-State, O=server, OU=IT, 
> CN=server Subject Public Key Info: Public Key Algorithm: 
> rsaEncryption Public-Key: (1024 bit)

1024-bit keys?

Perhaps the browsers are smart enough not to trust those.

> $ openssl x509 -noout -in intermediate.pem -text Certificate:
> Data: Version: 1 (0x0) Serial Number: 11894061023072807904 
> (0xa510317ba912ebe0) Signature Algorithm: sha1WithRSAEncryption 
> Issuer: C=AU, ST=Some-State, O=issuer, OU=signing, CN=issuer 
> Validity Not Before: Oct  7 08:42:05 2014 GMT Not After : Oct  2 
> 08:42:05 2015 GMT Subject: C=AU, ST=Some-State, O=intermediate, 
> CN=intermediate Subject Public Key Info: Public Key Algorithm: 
> rsaEncryption Public-Key: (1024 bit)

Hmm.

> $ openssl x509 -noout -in issuer.pem -text Certificate: Data: 
> Version: 1 (0x0) Serial Number: 18284349327322698662 
> (0xfdbf0ed6ac38d3a6) Signature Algorithm: sha1WithRSAEncryption 
> Issuer: C=AU, ST=Some-State, O=issuer, OU=signing, CN=issuer 
> Validity Not Before: Oct  7 08:40:29 2014 GMT Not After : Oct  7 
> 08:40:29 2015 GMT Subject: C=AU, ST=Some-State, O=issuer, 
> OU=signing, CN=issuer Subject Public Key Info: Public Key 
> Algorithm: rsaEncryption Public-Key: (1024 bit)

Maybe try again with 2048-bit keys or better?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJUNtE+AAoJEBzwKT+lPKRY+s8QALlighVIWTi27FSczUKYSPmN
dlH6Ltz01C8jthaKNSA1jR3tUzx3lVqvnHbTTX0V6Y/n/rBT9E4/ZUSqND6MLBNE
4nwP2kG3EStCNSk2rt0Xv7iGdzIzi5zLftPfnlzzZoqBZdUc36qKDjzJVeMq79L7
YyamixmrFN9mPI1V5FcazYIKKOU9p5Ok9g+9OPBWi6SOKilwGE9F8maU75Ale1ys
N+pPjUj84RukGK7uWPKqmrC/GewhGaUABaaAUFkPcxIPha3asPzWam5Zxp/MTW41
RDOGUImLaonI4F25BGxJIb7hQlBX8pN6TWtFoEAf0srP0k4M9zLB1G9+cWbgEdiv
O67F99WZdb2PP6MJp3RMrvhnv4W46AA2cByWEuMo40zY3Et//zhkW1AO/VfkzFrD
syGTBGQIBHGaRVfrJMs40rgatwPb5FwaPu8Us7HtStblZ7clqXAXJtLLp63N1pip
+VocquaX7A0VcibiQ+YY89+pIYwulvonXCnQ9YUTfVR4bTDQs3T8BFjoekOTyByW
M2mVgjNLpZmJ5KjtLbm7mKOVde3qip48TSIJXg2STq6+P3+sUbRGLc8l2kl4WOK0
8oQ5dnOMi/hsO4W2+MExiKWSfrP/DDyMIG6AS2/7KZP0pdWoEn5bmNl19yNKzW/f
XoaM5WiTbUDSdux9TEvS
=KBTz
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message