From mboxrd@z Thu Jan 1 00:00:00 1970 Content-type: text/plain; charset=utf-8 MIME-version: 1.0 (Mac OS X Mail 8.2 \(2098\)) From: Brantley Coile In-reply-to: <6A91E315-1948-495F-AE09-0BCB131F4948@me.com> Date: Tue, 26 May 2015 10:46:20 -0400 Content-transfer-encoding: quoted-printable Message-id: <71E1E621-8E09-4D34-AC48-1FBF300F465E@me.com> References: <6CADF85A-1006-4B64-89EE-626DA9BCADCB@me.com> <6A91E315-1948-495F-AE09-0BCB131F4948@me.com> To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Subject: Re: [9fans] How do I get a CSR CA's like? Topicbox-Message-UUID: 560e6d56-ead9-11e9-9d60-3106f5b1d025 (Ducking smelling connection!) Use sha1. > On May 26, 2015, at 10:44 AM, Brantley Coile = wrote: >=20 > Fixed. Use shall instead of md5 and everyone is happy. >=20 >> On May 26, 2015, at 9:27 AM, Brantley Coile = wrote: >>=20 >> UPDATE: >>=20 >> I now have reason to believe that they just removed MD5 from known = signing algorithms, and that a SHA1 will work. Anyone know anything = about this? >>=20 >> Thanks, >> bwc >>=20 >>> On May 25, 2015, at 3:06 PM, Brantley Coile = wrote: >>>=20 >>> Turns out the CSR wasn=E2=80=99t acceptable because of the MD5 = signature. It seems the that they should be signed as RSA and not MD5. = MD5 is not deemed secure enough. The plan 9 code is signing everything = with MD5. Who owns this code? Has anyone fixed this yet? >>>=20 >>>> On May 24, 2015, at 11:10 AM, Skip Tavakkolian <9nut@9netics.com> = wrote: >>>>=20 >>>> going by my notes from the last time i used plan9 tools to generate = a >>>> CSR, the only differences i see are quoting the O attribute to = handle >>>> spaces in organization name and dropping the word "SIGNING" from >>>> PEM header/footer. >>>>=20 >>>>> Thanks all. It goes through sslshopper fine, but the CA still = doesn=E2=80=99t like it. I=E2=80=99ll call them tomorrow. Thanks for = all the help. >>>>>=20 >>>>> bwc >>>>>=20 >>>>>> On May 23, 2015, at 1:08 PM, lucio@proxima.alt.za wrote: >>>>>>=20 >>>>>>> I then pasted the contents of =E2=80=98csr=E2=80=99 into the = page and get =E2=80=9CThis CSR >>>>>>> has an invalid signature!=E2=80=9D >>>>>>=20 >>>>>> It's worth playing with openssl to check the output from = auth/rsa2csr. >>>>>> The diagnostics are bound to be a bit less vague. Trying your >>>>>> instructions, the PEM encoded csr includes the seemingly unwanted = word >>>>>> "SIGNING" in the headers. When I remove it (and a space) openssl = req >>>>>> reports a valid certificate request. >>>>>>=20 >>>>>> Lucio. >>>>>>=20 >>>>>>=20 >>>>=20 >>>>=20 >>>=20 >>>=20 >>=20 >>=20 >=20