Friday, 9 March 2012

Creating Stronger Self-Signed SSL Certificates For Testing

I prefer to use Google Chrome (developer channel) as my web browser and recently it began complaining about the self-signed SSL certificates I was using on a number of internal web applications I have developed. The error Chrome displayed was:


SSL Error Icon
The site's security certificate is signed using a weak signature algorithm!
[snip]


I originally created the certificates using the instructions in the Apache SSL FAQ. It turns out that this results in SSL certificates that use the weaker MD5 signature hash algorithm which is the cause of the complaint. This is easily fixed by adding '-sha1' to the openssl command line when generating the certificate. Like so:

$ openssl req -new -x509 -sha1 -nodes -out server.crt -keyout server.key

4 comments:

RapidSSLOnline said...

Excellent! We really appreciate to your blog post which has extremely easy and quick process to create stronger self signed SSL certificate for testing. Thank you so much for sharing it!


Cheap SSL | RapidSSL

Sarah Whitehead said...

Great methodology of SSL interogation here. I suppose taking into consideration the guidelines, one would have to research the source before purchasing a wildcard ssl cert, thankyou for sharing!

Unknown said...

very very useful worked a treat - thank you very much sire

Jimmy Jarred said...

Superb ! I am excited to learn about this process. I do read about it many times but this is the best tutorial.
digital certificates