Cdm Sysadmin
asked on
How to create an SSL CSR with signature algorithms md5withrsa or sha1withrsa on Ubuntu 14 Apache2
I need to enable SSL on a website that is running on an Ubuntu 14.04 (Apache2) LAMP server, so I created a CSR using the following commands:
"openssl req -new -days 365 -nodes -keyout www.mydomain.com.key -out www.mydomain.com.csr"
However, when I go to my registrar, Network Solutions, to validate the CSR I get the following error:
"The CSR provided uses an unsupported signature algorithm. Supported algorithms are: md5withrsa, sha1withrsa, oid 1.2.840.113549.1.1.4, oid 1.2.840.113549.1.1.5"
My problem is that I don't have experience with linux web servers and how the CSR is created in this environment and I have no clue on how to create the CSR that will be compatible with the Network Solutions validation process.
I would greatly appreciate any information, suggestions, advice you can provide to help me resolve this issue. Thank you in advance!
"openssl req -new -days 365 -nodes -keyout www.mydomain.com.key -out www.mydomain.com.csr"
However, when I go to my registrar, Network Solutions, to validate the CSR I get the following error:
"The CSR provided uses an unsupported signature algorithm. Supported algorithms are: md5withrsa, sha1withrsa, oid 1.2.840.113549.1.1.4, oid 1.2.840.113549.1.1.5"
My problem is that I don't have experience with linux web servers and how the CSR is created in this environment and I have no clue on how to create the CSR that will be compatible with the Network Solutions validation process.
I would greatly appreciate any information, suggestions, advice you can provide to help me resolve this issue. Thank you in advance!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Very few CAs sign DSA and ECDSA server keys...
ASKER
Note: The article in the link above does not mention that you have to add "-sha1" at the end of the command in order for the CSR to be validated at Network Solutions. Here is the full command that creates a CSR with the supported signature algorithm:
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr –sha1
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr –sha1
Glad you found manual page :)
ASKER
http://www.networksolutions.com/support/csr-for-apache-with-mod-ssl-openssl/