Cent OS genkey bad certificate request error -8016

centos

This looks like it's a bug reported here in the RHEL/CentOS 6.4 crypto-utils. It's also been reported on the CentOS forums.

Description of problem: Since EL 6.4, a new version of NSS considers MD5 signatures as invalid. 1 keyutils generated ssl certificates with md5 signatures. Since EL 6.4 trying to generate a ssl self-signed certificate leads to segfault.

Possible workaround - from the bug report - generate the files manually

Manual creation works (creates an sha1 signed certificate):
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 1095 -key ca.key -out ca.crt  -subj "/CN=ca.puzzle.ch /O=Puzzle ITC/L=Bern/ST=Bern/C=CH"
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr -subj "/CN=server.example.com/O=Puzzle ITC/L=Bern/ST=Bern/C=CH" 
openssl x509 -req -days 1095 -CA ca.crt -CAkey ca.key -set_serial 01 -in server.csr -out server.crt 
openssl x509 -in server.crt -text

Signature Algorithm: sha1WithRSAEncryption

Related

Update a DNS to a for a dynamic IP
ProLiant DL580 G7 E7 Upgrade Issue
Group of workstations refuse to SSH to one another, but can connect just fine in and out to others
subversion intermittently hangs (stalls) on commit
SQL Server 2008 Express edition download package
How to mount a root aufs in Red Hat / Fedora Core?
Dig vs Whois on Nameserver Update and Reference to Unknown FQDN?
MS licensing of multiple RDP sessions for non-MS products in Windows XP Pro [closed]
Bandwidth Monitor
How can I scan using nmap and Zenmap all hostnames that begin with a particular string?
Openldap problems with adding attribute
Xen console access from the web