搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

TLS fails on linux self-signed certs

  • 7 回覆
  • 29 有這個問題
  • 1 次檢視
  • 最近回覆由 ctmattice

more options

on firefox 38.1.0 running on centOS 6.6 I'm having issue with TLS.

when this first happened I re did the cert using 2048 byte keys. This seemed to take care of the issue when navigating to addresses similar to https://localhost/somesite, however, if I try https://localhost:10000 it always fails with:

An error occurred during a connection to localhost.localdomain:10000. The server certificate included a public key that was too weak. (Error code: ssl_error_weak_server_cert_key)

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

The certificate Signature algorithim is -> PKCS #1 SHA-1 With RSA Encryption

The public key algorithim is -> PKCS #1 RSA Encryption

The key was create on 07/06/15 for a 10 year period, It is a Version 1 cert issued by myself with the following info E = [email protected] CN = localhost OU = hq O = permite L = Stone Mountain ST = ga C = us

on firefox 38.1.0 running on centOS 6.6 I'm having issue with TLS. when this first happened I re did the cert using 2048 byte keys. This seemed to take care of the issue when navigating to addresses similar to https://localhost/somesite, however, if I try https://localhost:10000 it always fails with: An error occurred during a connection to localhost.localdomain:10000. The server certificate included a public key that was too weak. (Error code: ssl_error_weak_server_cert_key) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. The certificate Signature algorithim is -> PKCS #1 SHA-1 With RSA Encryption The public key algorithim is -> PKCS #1 RSA Encryption The key was create on 07/06/15 for a 10 year period, It is a Version 1 cert issued by myself with the following info E = [email protected] CN = localhost OU = hq O = permite L = Stone Mountain ST = ga C = us

被選擇的解決方法

This was a webmin problem.

To fix this edit /etc/webmin/miniserv.pem replace the cert and private key sections.

Use a new generated key and self-signed cert. If you follow centOS instructions the location of the files are /etc/pki/tls/private/ca.key and /etc/pki/tls/certs/ca.crt

從原來的回覆中察看解決方案 👍 0

所有回覆 (7)

more options

Are there more than one cert listed in the certificate manager? Is the cert using ssl3?

more options

guigs said

Are there more than one cert listed in the certificate manager? Is the cert using ssl3?

No only one cert and ssl3 is disabled, only using TLS1.0 and above.

more options

Fallback tls is the third version if not specified. The Dh is not specified so its not the logjam encryption vulnerability.

Could you re-creating your self-signed key?

A work around I have seen is if it works in Windows you can export the certs working in another browser and import those versions, but this does not address the immediate issue.

See if it follows the CA guidelines. Edit the big one was the recent logjam algos: https://communities.bmc.com/thread/131855

由 guigs 於 修改

more options

Replaced the self-signed cert, double checked no other private keys or certs were present. Still have the same issue.

Any thing with a address of https://example.com/somelink works

Tried https://example.com:443 it works as expected. The port # 10000 is typically used by webmin so I'll check over there and see if they have any reports about this

more options

選擇的解決方法

This was a webmin problem.

To fix this edit /etc/webmin/miniserv.pem replace the cert and private key sections.

Use a new generated key and self-signed cert. If you follow centOS instructions the location of the files are /etc/pki/tls/private/ca.key and /etc/pki/tls/certs/ca.crt

由 ctmattice 於 修改

more options

Just curious, is this on the server or a work around for a centOs pc?

more options

This was on a server.

The problem lies within webmin and discovered when I uninstalled then reinstalled the yum repository. In the installation process they create a self-signed cert which is too weak for the lastest firefox version.