From mboxrd@z Thu Jan 1 00:00:00 1970 Content-type: text/plain; charset=utf-8 MIME-version: 1.0 (Mac OS X Mail 8.2 \(2098\)) From: Brantley Coile In-reply-to: Date: Mon, 25 May 2015 15:06:34 -0400 Content-transfer-encoding: quoted-printable Message-id: References: To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Subject: Re: [9fans] How do I get a CSR CA's like? Topicbox-Message-UUID: 55d56736-ead9-11e9-9d60-3106f5b1d025 Turns out the CSR wasn=E2=80=99t acceptable because of the MD5 = signature. It seems the that they should be signed as RSA and not MD5. = MD5 is not deemed secure enough. The plan 9 code is signing everything = with MD5. Who owns this code? Has anyone fixed this yet? > On May 24, 2015, at 11:10 AM, Skip Tavakkolian <9nut@9netics.com> = wrote: >=20 > going by my notes from the last time i used plan9 tools to generate a > CSR, the only differences i see are quoting the O attribute to handle > spaces in organization name and dropping the word "SIGNING" from > PEM header/footer. >=20 >> Thanks all. It goes through sslshopper fine, but the CA still = doesn=E2=80=99t like it. I=E2=80=99ll call them tomorrow. Thanks for = all the help. >>=20 >> bwc >>=20 >>> On May 23, 2015, at 1:08 PM, lucio@proxima.alt.za wrote: >>>=20 >>>> I then pasted the contents of =E2=80=98csr=E2=80=99 into the page = and get =E2=80=9CThis CSR >>>> has an invalid signature!=E2=80=9D >>>=20 >>> It's worth playing with openssl to check the output from = auth/rsa2csr. >>> The diagnostics are bound to be a bit less vague. Trying your >>> instructions, the PEM encoded csr includes the seemingly unwanted = word >>> "SIGNING" in the headers. When I remove it (and a space) openssl = req >>> reports a valid certificate request. >>>=20 >>> Lucio. >>>=20 >>>=20 >=20 >=20