Re: OpenSSL method for creating certificate outdated for Google Chrome?

From "D. Stussy" <spam@spam.org>
Newsgroups alt.apache.configuration
Subject Re: OpenSSL method for creating certificate outdated for Google Chrome?
Date 2019-02-05 22:56 -0800
Message-ID <q3e0ei$dh2$1@server.snarked.org> (permalink)
References <cg7l0uFqd6aU1@mid.individual.net> <ad7b3f32-00c8-4345-86c9-5239d26eb07a@googlegroups.com>


wrote in message news:ad7b3f32-00c8-4345-86c9-5239d26eb07a@googlegroups.com...
On Saturday, 27 December 2014 at 18:55:12 UTC+7, Thomas Barth wrote:
> Hello,
> I had to renew a self signed certificate for Apache2 webserver
> (Apache/2.2.16 Debian) and after importing the certificate as CA, Google
> Chrome still says, that the Website is using old security settings and
> it may be possible that further chrome versions can't read the settings
> for sure. I would like to know what I have to change to get rid of this
> warning.
>
> I used the official openssl method to create the certificate as
> described in https://www.openssl.org/docs/HOWTO/certificates.txt
>
> # generate private rsa key
> openssl genrsa -out sub.domain.key 4096
>...

It's not your commands or Apache configuration that's biting you.  It's the openssl configuration.

Look for the "default_md" parameter in the "CA_default" section and make certain it says sha256 or better.

You could also look at the "-text" output of your certificate(s) and make certain they're not starting with "sha1" or "md5".  If
they are, you need to regenerate them.  Don't forget, if you're using TLSA records in your DNS zones, to regenerate the
signatures as well.
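
The two checks described in the post above (the default_md value in a named openssl.cnf section, and the signature algorithm shown in a certificate's "-text" output), as an added shell example that is not part of the original post. The function names and the sample config and certificate text are constructed for illustration; only sha1 and md5 are flagged, as in the post.

```shell
#!/bin/sh
# Added example (not from the original post); all function names are hypothetical.

# Print default_md from one section of an openssl.cnf-style file (empty if unset).
# $1 = config file ("-" for stdin), $2 = section name (the post names CA_default)
cnf_default_md() {
    awk -v want="$2" '
        { sub(/[ \t]*#.*/, "") }                            # strip comments
        /^[ \t]*\[/ { gsub(/[ \t]|\[|\]/, ""); sect = $0; next }
        sect == want && /^[ \t]*default_md[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# Read "openssl x509 -noout -text" output on stdin; print the first
# "Signature Algorithm:" value, e.g. sha256WithRSAEncryption.
cert_sig_alg() {
    awk '/Signature Algorithm:/ { print $NF; exit }'
}

# Exit 0 if the digest or algorithm name is built on md5 or sha1.
is_weak() {
    printf '%s\n' "$1" | grep -Eiq '(md5|sha-?1)([^0-9]|$)'
}

report() {  # $1 = label, $2 = value found
    if [ -z "$2" ]; then echo "$1: not set"
    elif is_weak "$2"; then echo "$1: $2 -> weak, regenerate"
    else echo "$1: $2 -> ok"
    fi
}

# Constructed sample inputs so the checks run offline.
SAMPLE_CNF='[ CA_default ]
default_md = sha1        # legacy value
[ req ]
default_md = sha256'
SAMPLE_TEXT='Certificate:
    Data:
        Version: 3 (0x2)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = sub.domain'

report "CA_default default_md" "$(printf '%s\n' "$SAMPLE_CNF" | cnf_default_md - CA_default)"
report "certificate signature" "$(printf '%s\n' "$SAMPLE_TEXT" | cert_sig_alg)"
# Against real files (file names here are placeholders):
#   cnf_default_md /path/to/openssl.cnf CA_default
#   openssl x509 -in your-cert.pem -noout -text | cert_sig_alg
```

The section name is a parameter, so the same function can be pointed at any other section of the config that sets default_md.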
