Groups | Search | Server Info | Keyboard shortcuts | Login | Register
Groups > alt.apache.configuration > #4374
| Path | csiph.com!xmission!news.snarked.org!.POSTED.71-38-210-38.lsv2.qwest.net!not-for-mail |
|---|---|
| From | "D. Stussy" <spam@spam.org> |
| Newsgroups | alt.apache.configuration |
| Subject | Re: OpenSSL method for creating certificate outdated for Google Chrome? |
| Date | Tue, 5 Feb 2019 22:56:18 -0800 |
| Lines | 1 |
| Message-ID | <q3e0ei$dh2$1@server.snarked.org> (permalink) |
| References | <cg7l0uFqd6aU1@mid.individual.net> <ad7b3f32-00c8-4345-86c9-5239d26eb07a@googlegroups.com> |
| Reply-To | "D. Stussy" <newsgroups+replies@kd6lvw.ampr.org> |
| Mime-Version | 1.0 |
| Content-Type | text/plain; format=flowed; charset="UTF-8"; reply-type=original |
| Content-Transfer-Encoding | 8bit |
| Injection-Date | Wed, 6 Feb 2019 06:56:18 -0000 (UTC) |
| Injection-Info | server.snarked.org; posting-host="71-38-210-38.lsv2.qwest.net:71.38.210.38"; logging-data="13858"; mail-complaints-to="newsmaster+complaints@snarked.org" |
| X-Priority | 3 |
| Importance | Normal |
| X-MimeOLE | Produced By Microsoft MimeOLE V15.4.3538.513 |
| X-No-Archive | Yes |
| In-Reply-To | <ad7b3f32-00c8-4345-86c9-5239d26eb07a@googlegroups.com> |
| X-Newsreader | Microsoft Windows Live Mail 15.4.3538.513 |
| X-MSMail-Priority | Normal |
| Xref | csiph.com alt.apache.configuration:4374 |
Show key headers only | View raw
wrote in message news:ad7b3f32-00c8-4345-86c9-5239d26eb07a@googlegroups.com... ขึเมื่อ วันเสาร์ที่ 27 ธันวาคม ค.ศ. 2014 18 นาฬิกา 55 นาที 12 วินาที UTC+7, Thomas Barth เขียนว่า: > Hello, > I had to renew a self signed certificate for Apache2 webserver > (Apache/2.2.16 Debian) and after importing the certificate as CA, Google > Chrome still says, that the Website is using old security settings and > it may be possible that further chrome versions can't read the settings > for sure. I would like to know what I have to change to get rid of this > warning. > > I used the official openssl method to create the certificate as > described in https://www.openssl.org/docs/HOWTO/certificates.txt > > # generate private rsa key > openssl genrsa -out sub.domain.key 4096 >... It's not your commands or Apache configuration that's biting you. It's the openssl configuration. Look for the "default_md" parameter in the "CA_default" section and make certain it says sha256 or better. You could also look at the "-text" output of your certificate(s) and make certain they're not starting with "sha1" or "md5". If they are, you need to regenerate them. Don't forget that if you're using TLSA records in your DNS zones to regenerate the signatures as well.
Back to alt.apache.configuration | Previous | Next — Previous in thread | Find similar
Re: OpenSSL method for creating certificate outdated for Google Chrome? ammy5030@gmail.com - 2019-01-14 08:38 -0800 Re: OpenSSL method for creating certificate outdated for Google Chrome? Lorinczy Zsigmond <zsiga@nospam.for.me> - 2019-01-24 11:26 +0100 Re: OpenSSL method for creating certificate outdated for Google Chrome? "D. Stussy" <spam@spam.org> - 2019-02-05 22:56 -0800
csiph-web