Project

General

Profile

Actions

Bug #7853

closed

Signed CSRs always use SHA1, which is weak

Added by Jim Pingle over 7 years ago. Updated over 7 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
Certificates
Target version:
Start date:
09/11/2017
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4
Affected Architecture:
All

Description

When signing a CSR in the 2.4 GUI there is no choice to pick a digest algorithm for signing. Thus, when a CSR is signed, it is signed using the openssl default of SHA1.

We need a field to pick the digest and use it appropriately. Also, it would be nice to show the signature digest in the infoblock so it's easy to spot.

To me, I have a fix ready.

See also: https://forum.pfsense.org/index.php?topic=136471.0

Actions #1

Updated by Jim Pingle over 7 years ago

  • Status changed from Assigned to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Jim Pingle over 7 years ago

  • Status changed from Feedback to Resolved

Works now, uses whatever the user chooses and defaults to SHA256

Actions

Also available in: Atom PDF