I had this same problem. In addition to unsupported hashing algorithm, I think it also indicates a key size that is too large. I had to select a 2048 key for other reasons (cisco scep).
Dave ----- Original Message ----- From: "Lenir Santiago" [le...@tristarcorp.net] Sent: 05/11/2009 04:24 PM AST To: "'Scott Rea'" <scott....@dartmouth.edu>; "'Users' Help and Suggestions'" <openca-users@lists.sourceforge.net> Subject: Re: [Openca-Users] Root CA Certificate - This certificate has an nonvalid digital signature. Actually I used SHA1. Here's the fingerprint: SHA1:9B:5E:2D:34:99:4A:E7:0E:55:3D:C6:30:A9:8E:A4:81:43:BB:57:0A Lenir -----Original Message----- From: Scott Rea [mailto:scott....@dartmouth.edu] Sent: Monday, May 11, 2009 4:19 PM To: le...@tristarcorp.net; Users' Help and Suggestions Subject: Re: [Openca-Users] Root CA Certificate - This certificate has an nonvalid digital signature. The warning signs simply indicate that these extensions are critical - this is expected behavior W2K3 SP2 probably does not have support for the SHA2 hash algorithms (I think you need at least SP3) and I am guessing you used a SHA2 hash when you created your certificate. Either go back and use SHA1 or MD5 (not recommended), or update to SP3 _Scott Lenir Santiago wrote: > > Guys, > > After setting up OpenCA and creating my root CA certificate, I tried > to install it in W2K3 R2 with SP2, however w2k3 complains about the > certificate with: > > "This certificate has an nonvalid digital signature." > > Under details, it has two warning signs next to "Basic Constraints" > and "Key Usage", here are their contents: > > Subject Type=CA > > Path Length Constraint=None > > Certificate Signing, Off-line CRL Signing, CRL Signing (06) > > Any suggestions? What seems to be the problem? > > Thanks, > > Lenir > > ------------------------------------------------------------------------ > > ---------------------------------------------------------------------------- -- > The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your > production scanning environment may not be a perfect world - but thanks to > Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 > Series Scanner you'll get full speed at 300 dpi even with all image > processing features enabled. http://p.sf.net/sfu/kodak-com > ------------------------------------------------------------------------ > > _______________________________________________ > Openca-Users mailing list > Openca-Users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openca-users > ------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users This is an e-mail from General Dynamics Land Systems. It is for the intended recipient only and may contain confidential and privileged information. No one else may read, print, store, copy, forward or act in reliance on it or its attachments. If you are not the intended recipient, please return this message to the sender and delete the message and any attachments from your computer. Your cooperation is appreciated. ------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
