From: Brantley Coile <brantleycoile@me.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] How do I get a CSR CA's like?
Date: Tue, 26 May 2015 10:44:59 -0400 [thread overview]
Message-ID: <6A91E315-1948-495F-AE09-0BCB131F4948@me.com> (raw)
In-Reply-To: <6CADF85A-1006-4B64-89EE-626DA9BCADCB@me.com>
Fixed. Use shall instead of md5 and everyone is happy.
> On May 26, 2015, at 9:27 AM, Brantley Coile <brantleycoile@me.com> wrote:
>
> UPDATE:
>
> I now have reason to believe that they just removed MD5 from known signing algorithms, and that a SHA1 will work. Anyone know anything about this?
>
> Thanks,
> bwc
>
>> On May 25, 2015, at 3:06 PM, Brantley Coile <brantleycoile@me.com> wrote:
>>
>> Turns out the CSR wasn’t acceptable because of the MD5 signature. It seems the that they should be signed as RSA and not MD5. MD5 is not deemed secure enough. The plan 9 code is signing everything with MD5. Who owns this code? Has anyone fixed this yet?
>>
>>> On May 24, 2015, at 11:10 AM, Skip Tavakkolian <9nut@9netics.com> wrote:
>>>
>>> going by my notes from the last time i used plan9 tools to generate a
>>> CSR, the only differences i see are quoting the O attribute to handle
>>> spaces in organization name and dropping the word "SIGNING" from
>>> PEM header/footer.
>>>
>>>> Thanks all. It goes through sslshopper fine, but the CA still doesn’t like it. I’ll call them tomorrow. Thanks for all the help.
>>>>
>>>> bwc
>>>>
>>>>> On May 23, 2015, at 1:08 PM, lucio@proxima.alt.za wrote:
>>>>>
>>>>>> I then pasted the contents of ‘csr’ into the page and get “This CSR
>>>>>> has an invalid signature!”
>>>>>
>>>>> It's worth playing with openssl to check the output from auth/rsa2csr.
>>>>> The diagnostics are bound to be a bit less vague. Trying your
>>>>> instructions, the PEM encoded csr includes the seemingly unwanted word
>>>>> "SIGNING" in the headers. When I remove it (and a space) openssl req
>>>>> reports a valid certificate request.
>>>>>
>>>>> Lucio.
>>>>>
>>>>>
>>>
>>>
>>
>>
>
>
next prev parent reply other threads:[~2015-05-26 14:44 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-23 15:31 Brantley Coile
2015-05-23 16:40 ` David du Colombier
2015-05-23 17:08 ` lucio
2015-05-24 12:10 ` Brantley Coile
2015-05-24 13:07 ` lucio
2015-05-24 15:10 ` Skip Tavakkolian
2015-05-25 19:06 ` Brantley Coile
2015-05-26 13:27 ` Brantley Coile
2015-05-26 14:44 ` Brantley Coile [this message]
2015-05-26 14:46 ` Brantley Coile
2015-05-26 18:00 ` lucio
2015-05-26 19:35 ` Brantley Coile
2015-05-26 19:44 ` Joe Bowers
2015-05-27 2:24 ` lucio
2015-05-27 16:41 ` cinap_lenrek
2015-05-27 17:57 ` cinap_lenrek
2015-05-23 17:43 ` balaji
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6A91E315-1948-495F-AE09-0BCB131F4948@me.com \
--to=brantleycoile@me.com \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).