Signature Algorithm that was disabled because that algorithm is not secure


Marcus Schmitt
Hello,

I have one problem after I created a root-CA, intermediate-CA and a server certificate. After I configured my Apache with the server cert, key and intermediate cert and imported the root-CA into Firefox 24, I received the following error when I browse to the website:

Could not verify this certificate because it was signed using a signature algorithm that was disabled because that algorithm is not secure


I assume the reason for this error message is that I see "Certificate Signature Algorithm" is "PKCS #1 MD5 With RSA Encryption" for the Intermediate Certificate and Server Certificate. For the root-CA I see "PKCS #1 SHA With RSA Encryption".

Unfortunately I was not able to find the reason for this issue, please find the lines I use below:

openssl genrsa -des3 -out private/cakey.pem 2048 -config ./openssl.cnf
openssl req -new -x509 -nodes -days 3650 -key private/cakey.pem -out certs/cacert.pem -config openssl.cnf

openssl genrsa -des3 -out private/cakey.pem 2048 -config ./openssl.cnf
openssl req -new -sha1 -key private/cakey.pem -out csr/ica.csr -config ./openssl.cnf
openssl ca -config ./openssl.cnf -days 1825 -md sha1 -in ica.csr -out ica.crt -extensions v3_ca

openssl genrsa -des3 -out server.key 2048 -config ./openssl.cnf
openssl req -new -sha1 -key private/server.key -out csr/server.csr -config ./openssl.cnf
openssl ca -config ./openssl.cnf -days 730 -md sha1 -in server.csr -out server.crt


Please ignore that it looks as if I overwrite the files; the files are in different folders.
I would be really happy if someone could help me.


Best Regards Marcus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: Signature Algorithm that was disabled because that algorithm is not secure

Walter H.
Hello,

On 30.10.2013 18:17, Marcus Schmitt wrote:
> I have one problem after I created a root-CA, intermediate-CA and a server certificate. After I configured my Apache with the server cert, key and intermediate cert and imported the root-CA into Firefox 24, I received the following error when I browse to the website:
>
> Could not verify this certificate because it was signed using a signature algorithm that was disabled because that algorithm is not secure
>
>
> I assume the reason for this error message is that I see "Certificate Signature Algorithm" is "PKCS #1 MD5 With RSA Encryption" for the Intermediate Certificate and Server Certificate. For the root-CA I see "PKCS #1 SHA With RSA Encryption".
>
> Unfortunately I was not able to find the reason for this issue, please find the lines I use below:
>
The problem is not in one of these lines, it is in the config file
openssl.cnf

> openssl genrsa -des3 -out private/cakey.pem 2048 -config ./openssl.cnf
> openssl req -new -x509 -nodes -days 3650 -key private/cakey.pem -out certs/cacert.pem -config openssl.cnf
>
> openssl genrsa -des3 -out private/cakey.pem 2048 -config ./openssl.cnf
> openssl req -new -sha1 -key private/cakey.pem -out csr/ica.csr -config ./openssl.cnf
> openssl ca -config ./openssl.cnf -days 1825 -md sha1 -in ica.csr -out ica.crt -extensions v3_ca
>
> openssl genrsa -des3 -out server.key 2048 -config ./openssl.cnf
> openssl req -new -sha1 -key private/server.key -out csr/server.csr -config ./openssl.cnf
> openssl ca -config ./openssl.cnf -days 730 -md sha1 -in server.csr -out server.crt
>
look if you find there something similar to

default_md = md5

change this to

default_md = sha1

and generate your certificates the same way as above

Greetings,
Walter

RE: Signature Algorithm that was disabled because that algorithm is not secure

Paul Suhler
Note that SHA-1 is being deprecated by NIST for generating new signatures.  You may want to consider a SHA-2 algorithm (e.g., SHA-224 or SHA-256).  In principle it's still okay to *validate* legacy signatures, e.g., SHA-1.


Re: Signature Algorithm that was disabled because that algorithm is not secure

Marcus Schmitt
In reply to this post by Walter H.
Hello Walter,

the problem is that the openssl.cnf file already includes this line:

This is my file:

===
# OpenSSL configuration file.
#
 
# Establish working directory.
 
dir                                     = .
 
[ ca ]
default_ca                              = CA_default
 
[ CA_default ]
serial                                  = $dir/serial
database                                = $dir/certindex.txt
new_certs_dir                           = $dir/certs
certificate                             = $dir/cacert.pem
private_key                             = $dir/private/cakey.pem
default_days                            = 365
default_md                              = sha1
preserve                                = no
email_in_dn                             = no
nameopt                                 = default_ca
certopt                                 = default_ca
policy                                  = policy_match
 
[ policy_match ]
countryName                             = match
stateOrProvinceName                     = match
organizationName                        = match
organizationalUnitName                  = optional
commonName                              = supplied
emailAddress                            = optional
 
[ req ]
default_bits                            = 2048                  # Size of keys
default_keyfile                         = key.pem               # name of generated keys
default_md                              = sha1                  # message digest algorithm
string_mask                             = nombstr               # permitted characters
distinguished_name                      = req_distinguished_name
req_extensions                          = v3_req
 
[ req_distinguished_name ]
# Variable name                         Prompt string
#-------------------------        ----------------------------------
0.organizationName                      = Organization Name (company)
organizationalUnitName                  = Organizational Unit Name (department, division)
emailAddress                            = Email Address
emailAddress_max                        = 40
localityName                            = Locality Name (city, district)
stateOrProvinceName                     = State or Province Name (full name)
countryName                             = Country Name (2 letter code)
countryName_min                         = 2
countryName_max                         = 2
commonName                              = Common Name (hostname, IP, or your name)
commonName_max                          = 64
 
[ v3_ca ]
basicConstraints                        = CA:TRUE
subjectKeyIdentifier                    = hash
authorityKeyIdentifier                  = issuer:always
 
[ v3_req ]
basicConstraints                        = CA:FALSE
subjectKeyIdentifier                    = hash
===

Or is there anything wrong with this file ?


   Best Regards Marcus




Re: Signature Algorithm that was disabled because that algorithm is not secure

Walter H.
Hello Marcus

On 30.10.2013 19:26, Marcus Schmitt wrote:
> nameopt                                 = default_ca
> certopt                                 = default_ca
what should these lines mean in your openssl.cnf?

can you do the following with each of your generated certificates:

openssl x509 -text -noout -in cert.pem > cert.text

there you should see the mistake in this generated output cert.text

Greetings,
Walter
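
Walter's check applied to a whole chain, as an added example that is not part of the original thread: the script pulls the Signature Algorithm field out of each certificate dump and flags MD5-family digests, which is the case behind the Firefox error. The function names, verdict labels and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report the digest used to sign each
# certificate, based on the output of `openssl x509 -text -noout`.

# Read `openssl x509 -text` output on stdin and print the signature algorithm.
# The field appears twice in a certificate dump; the first one is enough.
sig_alg_from_text() {
    awk '/Signature Algorithm:/ {
        sub(/^.*Signature Algorithm:[ \t]*/, "")
        sub(/[ \t\r]+$/, "")
        print
        exit
    }'
}

# Map an algorithm name such as md5WithRSAEncryption to a verdict
# (hypothetical labels chosen for this example).
classify_sig_alg() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *md2*|*md4*|*md5*)                   echo REJECTED ;;
        *sha1*)                              echo LEGACY ;;
        *sha224*|*sha256*|*sha384*|*sha512*) echo OK ;;
        *)                                   echo UNKNOWN ;;
    esac
}

# Audit every certificate file given; return 1 if any verdict is REJECTED.
audit_certs() {
    rc=0
    for cert in "$@"; do
        alg=$(openssl x509 -text -noout -in "$cert" | sig_alg_from_text)
        verdict=$(classify_sig_alg "$alg")
        printf '%-10s %-28s %s\n' "$verdict" "$alg" "$cert"
        if [ "$verdict" = REJECTED ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the first lines of a certificate dump for an
# intermediate CA signed with MD5, as described in the first post.
sample_dump() {
    cat <<'EOF'
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: md5WithRSAEncryption
        Issuer: C=XX, O=Example, CN=Example Root CA
        Subject: C=XX, O=Example, CN=Example Intermediate CA
EOF
}

# With file arguments, audit those certificates; otherwise show the sample.
if [ "$#" -gt 0 ]; then
    audit_certs "$@"
else
    alg=$(sample_dump | sig_alg_from_text)
    echo "sample: $alg -> $(classify_sig_alg "$alg")"
fi
```

Run it with the root, intermediate and server certificate files as arguments to see all three verdicts side by side.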

Re: Signature Algorithm that was disabled because that algorithm is not secure

Viktor Dukhovni
In reply to this post by Paul Suhler
On Wed, Oct 30, 2013 at 06:13:51PM +0000, Paul Suhler wrote:

> Note that SHA-1 is being deprecated by NIST for generating new
> signatures.  You may want to consider a SHA-2 algorithm (e.g.,
> SHA-224 or SHA-256).  In principle it's still okay to *validate*
> legacy signatures, e.g., SHA-1.

Actually, SHA-2 SHOULD NOT (yet) be used for signing certificates.

Many TLSv1 clients don't support SHA-2 and servers must present
SHA-1 certificates except when TLSv1.2 clients indicate SHA-2
support.  Fielding multiple certificates with different signature
algorithms is too complex.

--
        Viktor.

Re: Signature Algorithm that was disabled because that algorithm is not secure

Marcus Schmitt
In reply to this post by Marcus Schmitt
Hello,

there is one piece of information I forgot to mention in my previous mails; maybe this is the reason for the problem.

I created the root-CA, Intermediate-CA and the servercert on my MAC (10.8), afterwards I imported the file to my FreeBSD 9.

When I try to create all the CA and certs on my FreeBSD directly I receive the following error:

===
openssl req -new -x509 -nodes -days 3650 -key private/cakey.pem -out certs/cacert.pem -config openssl.cnf

Error Loading request extension section v3_req
11827:error:22071071:X509 V3 routines:string_to_hex:illegal hex digit:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509v3/v3_utl.c:441:
11827:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509v3/v3_conf.c:93:name=subjectKeyIdentifier, value=hasH
===

Could the issue be caused by the MAC ?
What might be the reason for this issue ?


  Best Regards Marcus



RE: Signature Algorithm that was disabled because that algorithm is not secure

Dave Thompson-5
> From: owner-openssl-users On Behalf Of Marcus Schmitt
> Sent: Monday, November 04, 2013 10:31

> I created the root-CA, Intermediate-CA and the servercert on my MAC
> (10.8), afterwards I imported the file to my FreeBSD 9.
>
> When I try to create all the CA and certs on my FreeBSD directly I receive the
> following error:
>
> ===
> openssl req -new -x509 -nodes -days 3650 -key private/cakey.pem -out certs/cacert.pem -config openssl.cnf
>
> Error Loading request extension section v3_req
> 11827:error:22071071:X509 V3 routines:string_to_hex:illegal hex digit:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509v3/v3_utl.c:441:
> 11827:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509v3/v3_conf.c:93:name=subjectKeyIdentifier, value=hasH
> ===
>
> Could the issue be caused by the MAC ?
> What might be the reason for this issue ?
>
Look carefully at the error message; you have subjectKeyIdentifier=hasH
with an uppercase H when it should be lowercase.

Did you "import" the openssl.cnf file and if so how? ftp, rcp, scp, smb,
USB, etc?
Or did you retype it? If you retype, some things including this must be
exact.

Mac OSX (and earlier) *filenames* are (at least usually) case-insensitive,
but AFAIK no Macs ever ignored case for entering or changing text *in* a
file.
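
A lint for the two configuration mistakes raised in this thread (a default_md of md5, and the miscased subjectKeyIdentifier value from the FreeBSD error), as an added example that is not part of the original post. The function name, output labels and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint an openssl.cnf for the two
# mistakes discussed here. One finding per output line:
#   MD      <section> <value>   every default_md setting, per section
#   WEAK_MD <section> <value>   default_md names an MD2/MD4/MD5 digest
#   BAD_SKI <section> <value>   subjectKeyIdentifier is "hash" in the wrong case
# Reads the named files, or stdin when none is given.
lint_openssl_cnf() {
    awk '
    BEGIN { sec = "default" }             # settings before any [section]
    /^[ \t]*\[/ {                         # section header, e.g. "[ v3_req ]"
        sec = $0
        sub(/^[ \t]*\[[ \t]*/, "", sec)
        sub(/[ \t]*\].*$/, "", sec)
        next
    }
    {
        line = $0
        sub(/#.*$/, "", line)             # drop comments
        eq = index(line, "=")
        if (eq == 0) next
        key = substr(line, 1, eq - 1)
        val = substr(line, eq + 1)
        gsub(/^[ \t]+|[ \t\r]+$/, "", key)
        gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (key == "default_md") {
            print "MD", sec, val
            if (tolower(val) ~ /^md[245]$/) print "WEAK_MD", sec, val
        }
        # The keyword "hash" is matched exactly; any other value is parsed
        # as a hex string, which is where "illegal hex digit" comes from.
        if (key == "subjectKeyIdentifier" && val != "hash" && tolower(val) == "hash")
            print "BAD_SKI", sec, val
    }' "$@"
}

# Constructed sample config: the md5 default Walter suggested looking for and
# the miscased keyword from the FreeBSD error message.
sample_cnf() {
    cat <<'EOF'
[ CA_default ]
default_md              = md5
policy                  = policy_match

[ req ]
default_md              = sha1          # message digest algorithm
req_extensions          = v3_req

[ v3_ca ]
subjectKeyIdentifier    = hash

[ v3_req ]
basicConstraints        = CA:FALSE
subjectKeyIdentifier    = hasH
EOF
}

# With file arguments, lint those files; otherwise lint the sample.
if [ "$#" -gt 0 ]; then
    lint_openssl_cnf "$@"
else
    sample_cnf | lint_openssl_cnf
fi
```

A digest given on the command line (`-md sha1`, `-sha1`) takes precedence over default_md, so the MD lines show only what is used when no such option is passed.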




RE: Signature Algorithm that was disabled because that algorithm is not secure

Paul Suhler
In reply to this post by Viktor Dukhovni
Two weeks ago Viktor Dukhovni wrote:
> Actually, SHA-2 SHOULD NOT (yet) be used for signing certificates.
>
> Many TLSv1 clients don't support SHA-2 and servers must present
> SHA-1 certificates except when TLSv1.2 clients indicate SHA-2 support.  Fielding multiple certificates with different
> signature algorithms is too complex.

-----------------------------
Good point.  Microsoft isn't rushing to drop recognition of SHA-1 signatures:

http://arstechnica.com/security/2013/11/hoping-to-avert-collision-with-disaster-microsoft-retires-sha1/

"The company's software will stop recognizing the validity of digital certificates that use the SHA1 cryptographic algorithm after 2016 ..."

Thanks,

Paul
