This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

HCL Notes/Domino 8.5 Forum (includes Notes Traveler)

Subject: Problems with SSL cert install - 'certificate signature does not match contents' (updated)
Feedback Type: Problem
Product Area: Domino Server
Technical Area: Administration
Platform: Windows
Release: 8.5.3
Reproducible: Always

I'm going through my first third-party CA SSL install and have run into a problem.

Workflow:
1. Created new keyring
2. Created a CA request and mailed it to Thawte.
3. Thawte returned crossRootCA.cer, IntermediateCA.cer, and ssl_certificate.cer.
4. Extracted root certificate from crossRootCA.cer and installed trusted root onto keyring.
5. Installed crossRootCA.cer - success.
6. Installed IntermediateCA.cer - failed 'certificate signature does not match contents'
7. Verified that Trusted root and cross root are SHA1.
8. Verified that Intermediate and SSL certs are SHA256.

Thawte's resolution is listed as:
'To resolve this issue, create an SSL certificate using SHA-1 hash algorithm, not a SHA-256 hash algorithm.'

So I'm not a real admin (but play one at work) and certainly not any kind of SSL expert. Is the resolution something I can do (and if yes, point me to something that tells me how) or does it require we get a new certificate set from Thawte?

I'm working with my IT group but wanted to see what help I could get from the group.

Thanks in advance for the assist.

Doug

I've been searching the web for answers and am not finding anything that gets me out of the hole.

Link to Thawte's article on the issue:
https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO21171&actp=search&viewlocale=en_US&searchid=1420810669426

Update 1:
Running Domino 8.5.3 FP1 on Windows Server 2008R2
I have not installed any later fix packs intended for POODLE. We are currently self certified and I was concerned that installing the FPs could cause the server to stop allowing use of self generated certs. I have no clue if any of this plays into the problem I describe above.


Feedback number WEBB9SLJBK created by ~Martha Lopjipyskioden on 01/09/2015

Status: Closed
Comments: Having cert regenerated and then planning a migration to 9.x
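
An added example, not part of the original post or of any HCL or Thawte tooling: a standard-library Python check that reads the outer signatureAlgorithm of each certificate in a chain and lists the ones not signed with SHA-1, which is the condition Thawte's resolution ties to this error. The function names are hypothetical and the sample bytes are constructed, certificate-shaped DER that reuses the file names from the post, not real certificates.

```python
import base64
import re

SIG_OIDS = {  # PKCS #1 signature-algorithm OIDs
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(data):
    arcs, value = [data[0] // 40, data[0] % 40], 0
    for byte in data[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear ends the arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert):
    """Name (or dotted OID) of a PEM/DER certificate's signatureAlgorithm."""
    if b"-----BEGIN" in cert:
        cert = base64.b64decode(re.sub(rb"-----[^-]+-----|\s", b"", cert))
    _, body, _ = read_tlv(cert, 0)        # Certificate ::= SEQUENCE
    _, _, tbs_end = read_tlv(cert, body)  # skip tbsCertificate
    _, alg, _ = read_tlv(cert, tbs_end)   # signatureAlgorithm SEQUENCE
    tag, start, end = read_tlv(cert, alg)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    oid = decode_oid(cert[start:end])
    return SIG_OIDS.get(oid, oid)

def not_sha1(chain):
    """Labels of certificates not signed with SHA-1, the case Thawte flags."""
    return [n for n, c in chain.items()
            if signature_algorithm(c) != "sha1WithRSAEncryption"]

def constructed_cert(last_oid_byte):  # certificate-shaped bytes, not a real cert
    der = lambda tag, body: bytes([tag, len(body)]) + body  # short lengths only
    alg = der(0x06, bytes.fromhex("2a864886f70d0101") + bytes([last_oid_byte]))
    return der(0x30, der(0x30, bytes(40)) + der(0x30, alg + der(0x05, b"")) + der(0x03, bytes(9)))

CHAIN = {"crossRootCA.cer": constructed_cert(0x05),  # file names from the post
         "IntermediateCA.cer": constructed_cert(0x0B), "ssl_certificate.cer": constructed_cert(0x0B)}
```

To use it on real files, pass `open(path, "rb").read()` for each certificate; `signature_algorithm` accepts both PEM and DER encodings.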

Problems with SSL cert install - 'c... (~Martha Lopjipy... 9.Jan.15)
. . Have Thawte re-issue the certificat... (~Sigmund Dworel... 9.Jan.15)
. . . . Follow on (~Martha Lopjipy... 9.Jan.15)
. . . . . . From what I think I understand... (~Sigmund Dworel... 9.Jan.15)
. . . . . . . . I hate admin work... (~Martha Lopjipy... 9.Jan.15)
. . . . . . . . . . No problem! (~Sigmund Dworel... 9.Jan.15)
. . . . . . . . . . . . Dev by choice, admin, just because (~Martha Lopjipy... 13.Jan.15)
. . . . . . . . . . . . . . Reverse Proxy (~Carol Asafreek... 14.Jan.15)
. . . . . . . . . . . . . . . . Not likely (~Martha Lopjipy... 19.Jan.15)
. . . . . . . . . . . . . . . . . . Have you ruled out upgrading? (~Tanita Desweve... 21.Jan.15)
. . . . . . . . . . . . . . . . Agreed, although... (~Fred Asatumibu... 14.Jan.15)
. . . . . . . . . . . . . . . . . . You are right (~Carol Asafreek... 14.Jan.15)
. . . . . . . . . . . . . . . . . . . . Reverse proxy (~Fred Asatumibu... 15.Jan.15)
. . . . . . . . . . . . . . . . . . . . . . Nice (~Carol Asafreek... 15.Jan.15)
. . . . . . . . . . . . . . Sounds familiar (~Fred Asatumibu... 13.Jan.15)



