Turns out the CSR wasn’t acceptable because of the MD5 signature. It seems the that they should be signed as RSA and not MD5. MD5 is not deemed secure enough. The plan 9 code is signing everything with MD5. Who owns this code? Has anyone fixed this yet?
> On May 24, 2015, at 11:10 AM, Skip Tavakkolian <9...@9netics.com> wrote: > > going by my notes from the last time i used plan9 tools to generate a > CSR, the only differences i see are quoting the O attribute to handle > spaces in organization name and dropping the word "SIGNING" from > PEM header/footer. > >> Thanks all. It goes through sslshopper fine, but the CA still doesn’t like >> it. I’ll call them tomorrow. Thanks for all the help. >> >> bwc >> >>> On May 23, 2015, at 1:08 PM, lu...@proxima.alt.za wrote: >>> >>>> I then pasted the contents of ‘csr’ into the page and get “This CSR >>>> has an invalid signature!” >>> >>> It's worth playing with openssl to check the output from auth/rsa2csr. >>> The diagnostics are bound to be a bit less vague. Trying your >>> instructions, the PEM encoded csr includes the seemingly unwanted word >>> "SIGNING" in the headers. When I remove it (and a space) openssl req >>> reports a valid certificate request. >>> >>> Lucio. >>> >>> > >
