Can someone tell me why default_md in /etc/ssl/openssl.cnf is set to MD5 despite known practical attacks?
Also, why after deleting CA/system certificates and recreating them does updating user certificates fail? And why can't you re CreateDefaultUserCertificate (Think Ssl.php API) from the web interface? I've wasted so much time recreating certificates by recreating users after discovering this default setting.
Accepted Answer
Good point - it would appear that the default config for the OpenSSL package (/etc/pki/tls/openssl.cnf) is to use sha1. However, app-ssl still uses md5... I'll add it to the bug tracker.
Last time I changed CA/system certificate I don't recall having to recreate the user certs, but it's such a long time ago I could be wrong. If you log in to the webconfig as that user - you can create and download their own certificate?
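One way to check an openssl.cnf-style file for the setting discussed in this thread, as an added example that is not part of the original posts or of the app-ssl code. The sample config, the function names and the list of digests treated as weak are assumptions of the example.

```python
import re
import sys

# Digests this example treats as too weak for signing (example policy).
WEAK_DIGESTS = {"md2", "md4", "md5", "sha1"}
SECTION_RE = re.compile(r"^\[\s*([^\]]+?)\s*\]$")

# Constructed sample, not copied from a real system.
SAMPLE = """\
# constructed sample config
HOME = .

[ CA_default ]
dir = ./demoCA
default_days = 365
default_md = md5          # weak digest
#default_md = sha256

[ req ]
default_bits = 2048
default_md   = SHA1

[ req_hardened ]
default_md = sha256
"""

def find_default_md(text):
    """Return (section, line_no, digest) for each active default_md line."""
    section = "default"  # OpenSSL's name for the unnamed leading section
    found = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # commented-out settings do not count
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "default_md":
            found.append((section, line_no, value.strip().lower()))
    return found

def audit(text):
    """Keep only the default_md settings that name a weak digest."""
    return [hit for hit in find_default_md(text) if hit[2] in WEAK_DIGESTS]

if __name__ == "__main__":
    # Pass config paths as arguments; with none, the constructed sample is used.
    for path in sys.argv[1:] or [None]:
        text = open(path).read() if path else SAMPLE
        for section, line_no, digest in audit(text):
            print(f"{path or 'SAMPLE'}:{line_no}: [{section}] default_md = {digest} (weak)")
```

A clean config file only affects certificates signed afterwards; certificates already issued keep the digest they were signed with.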