List any complications with common CAs in getting SHA-2 certs #24
Comments
|
On GoDaddy- Even though I generated the CSR with |
|
RapidSSL support claims that:
The RapidSSL certificate in question was purchased via Namecheap, so it's possible that buying directly from RapidSSL obviates the problem, but that's not much consolation — specifying SHA-2 during CSR generation should be sufficient no matter which retailers one uses to pay for the certificate. |
|
@JoshData So "re-key" was an option visible in your GoDaddy control panel or something? @justinmayer I was able to buy a SHA256 cert through Namecheap a week and a half ago, it's what's powering konklone.com now. That's using Comodo as the intermediary and it doesn't mention RapidSSL anywhere - is it a different offering? |
|
Namecheap is just the reseller — the actual TLS certificate issuance occurs at the provider. Comodo is one provider, while RapidSSL is a subsidiary brand of GeoTrust. In your case, purchasing the Comodo cert from Namecheap resulted in a proper SHA256-signed cert, whereas my RapidSSL cert purchase via Namecheap resulted in a SHA1-signed cert. Does that help clarify? |
|
For posterity, here's the command I used to generate the CSR: |
|
@konklone: Right. |
|
Update… According to Namecheap, the fault lies squarely with GeoTrust, who apparently does not use SHA-2 by default. So once the certificate has been purchased via Namecheap and then issued by GeoTrust, Namecheap support has informed me that you must then re-issue the certificate via GeoTrust's site in order to receive a SHA-2-signed certificate. I've tested that process with the assistance of a Namecheap Live Chat support rep, and I was indeed re-issued a certificate that passes muster according to https://shaaaaaaaaaaaaa.com/. The intermediate RapidSSL and GeoTrust CA certificates still indicate "SHA1withRSA", so hopefully they will catch up to the rest of us in due course. |
|
Thanks for following up! And for pressing them and raising awareness with Namecheap and RapidSSL and GeoTrust -- these sorts of customer service pressure points will accelerate the transition. |
|
I submitted a SHA2 CSR for a RapidSSL cert resold by https://cheapsslsecurity.com and got a SHA1 cert back from GeoTrust. I have contacted RapidSSL support for assistance (their knowledgebase indicates SHA-256 should be supported). |
|
I updated the site, so I'm marking this issue as closed, but please continue to add examples on this thread and I'll update the site accordingly. |
|
For anyone with problems with RapidSSL from any of their resellers or any other GeoTrust brand certificates:
This portal is also where you revoke your old certificate. |
|
Gandi doesn't support SHA-2 at all. I've suggested to their support folks that this is going to be a problem in the very near future. :( |
|
@mikewest Gandi says they're "working on it, but it's complicated :(" and imply that Windows XP SP2 will be a problem. They also encourage people to vote here on SHA-2 certs. Their stance is super dumb, because old browser support doesn't stop them from issuing SHA-2 certificates. It's up to the site owner to make the call on whether and how to support old clients. Anyway, I'm updating the website to point to this. |
|
That SHA-2 certs feature request is now the top item, at 100% (whatever that means): https://www.gandi.net/domain/wishlist/ |
|
RapidSSL Intermediate CA will issue new SHA-256 certificates on October 1st, according to their costumer support. Existing direct costumers will get an email advisory. Advisory status unknown for those who have bought through a reseller. I would assume the new certs will be made available here. |
|
Regarding RapidSSL and SHA-2: The issue at the moment is that while it is possible to get a certificate issued from RapidSSL signed with SHA-2, their intermediate certificates are not signed by SHA-2. I do not fully understand the technical implications of this, but my understanding is that the certificate chain is then somehow "downgraded" to SHA-1. Its unclear to me whether or not Google treats a SHA-2 signed-cert that has a SHA-1 Intermediate chain as safe or not. At the moment there is no ability to establish a SHA-2 certificate chain with RapidSSL. I have been told GeoTrust's QuickSSL certificate has the same problem (but the rest of GeoTrust's catalog is not affected). The issue should not be specific to any resellers of RapidSSL. Even if the default order form does not allow for specification of SHA2, they should all have access to it one way or another via reissue/etc. But like I said, I am not sure if the lack of SHA-2 Intermediate Certificates will cause the cert to be identified as insecure by Google's upcoming change. I am awaiting a response from a contact at Symantec regarding this issue, but if anyone knows the answer to this, please do share. |
|
@vtlynch, the entire chain must be SHA-2 for Chromium browsers not to downgrade a cert. Google’s Security blog post expressly states its the whole chain. HOWEVER, Chrome 39 will only downgrade if the end-entity is SHA-1 whilst Chrome 40 will look further up the chain but only hint if there are trouble further up. Chrome 41 will downgrade if any certs are SHA-1. There are six weeks (+holiday season) between releases. Furthermore, you can reissue your RapidSSL certs as SHA-2 yourself (no matter the reseller). However, you must also upgrade their RapidSSL Intermediate CA when the updated version is available on October 1st. Should be a drop-in replacement if your own cert is SHA-2. Depending on the software, you are also going to need the GeoTrust CA SHA-2 (available now) on your server for features such as OCSP stapling as those require a full SHA-2 chain locally on the server. |
|
Thanks for the quick reply! Can you provide a source for Rapid SSL's SHA 2 intermediate being available On Monday, September 8, 2014, Daniel Aleksandersen notifications@github.com
Vincent Lynch |
|
@vtlynch, I cannot provide any transcript of my support chat session.. However, you can chat with the source live by clicking Live Chat on this page and asking “Will there be a new SHA-256 certificate of the RapidSSL Intermediate CA on October 1st?” They should be able to confirm it. It took first-line some time to realize what I was asking, but such a specific question should yield a fast response. Support said it was in direct response to Google. PS: See updated comment above for Chromium roll-out details. |
|
@Aeyoun Ok great! I see the Google announcement is clear on the details regarding the chain as I reread it now. I have just confirmed the same information you heard via live chat. Here are the relevant excerpts: "Symantec has accelerated its plan to offer SHA-2 end-entity certs chaining to SHA-2 intermediates...generally available on September 15, 2014." So RapidSSL will have a fully compatible intermediate chain by Sep 15. This comes from a contact at Symantec and will be made as an official statement soon. |
|
from a support chat - GeoTrust claim they cannot reissue a certificate (through their GeoTrust Security Center) with SHA-2 until September 15, when they will be launching a utility to do just this. |
|
GeoTrust will reissue, but the new SHA-2 certificate reissues are still signed with a SHA-1 root, which means the chain still requires a SHA-1 cert.
|
@dwradcliffe I don't think that's true - SHA-1 roots won't cause problems, in this tool or in Chrome, because they aren't verified using their digital signature. Though, if your site includes the SHA-1 root in your certificate chain (which many sites do, even though they don't need to), I'm not sure what will happen. That's discussed in #37. |
|
Apologies if this is the wrong place to post this, but I just emailed gogetssl.com to ask about SHA-2 support. They replied 'Starting at 12th September all our SSL will be SHA-2.' I have no affiliation with them, but they offer the lowest cost Comodo (DV) certs that I've found. I have a bunch of Gandi issued certs that I am unable to upgrade (since they don't support SHA-2 yet), so I'm looking for the cheapest possible option. |
|
@konklone I could be wrong, but based on my tests the cert that was issued with a SHA-1 root was not valid in all browsers when I used the SHA-2 chain. I had to include a different chain that included a SHA-1 cert in order for the site to work in all browsers and pass the tests. That was also confirmed by GeoTrust support. |
|
@dwradcliffe I'm reasonably confident that there's some other issue at play here causing your issue -- it is totally fine to use a SHA-1 root to sign SHA-2 intermediates and client certificates. If you can put both situations online so I/we can inspect them, maybe we could help figure it out. |
|
Just lost an hour trying to understand why Chrome 40 would warn me of obsolete security parameters that might be a problem for future versions of Chrome.. It was only a local issue. On a more recent ubuntu, there was no problem. My chain is SHA256 certificate -> RapidSSL SHA256 certificate -> GeoTrust SHA1. As said by #24 (comment), it seems that there's no need to worry about the root being SHA1. Ssllabs says "Weak or insecure signature, but no impact on root certificate". |
|
@NotSqrt I bet it's because of a Chrome issue :/ Discussed here, your browser can improperly cache the SHA-1 paths it's seen on prior sites using the same certs: https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/pKTfaA8KqcQ I believe a fix is rolling out in the next version of Chrome. |
|
Probably Chrome + outdated NSS lib. |
|
I have been unable to build a working RapidSSL OCSP configuration using a newly issued SHA2 cert on nginx. Has anyone had success willing to share the proper certs and configuration details? |
|
Your serer block should contain something like: The last line is key. It should contain a certificate chain with the root certificate and the intermediate certificate. Another issue with nginx and OCSP is if you use virtual hosts. One of them must be designated the default_server and that host must have stapling enabled, otherwise stapling will not work on any virtual host. |
|
Another thing I've noticed with nginx is that stapling won't appear to be working if you test it, e.g. with SSL Labs, right after restarting the server. It takes a request or two to start working. |
|
SSL Labs fails me for OCSP. Yet, if I check manually with OpenSSL, namely running the following (sourced from this random blog): I get a valid OCSP response! |
|
And with that SSL Labs says I have OCSP enabled. |
|
Namecheap has a pretty nice list of many intermediate certs here: https://www.namecheap.com/support/knowledgebase/article.aspx/9393/69/where-do-i-find-ssl-ca-bundle After trying many of the RapidSSL options from their own site for a wildcard cert and still getting the Chrome warning (but an A+ at SSL Labs, go figure), the RapidSSL wildcart intermediate pack worked for me in Chrome. |
|
If anyone is having problems with rapidssl with a sha256 cert, make sure that the cert was issued after they changed their intermediate from sha1 to sha256, I had previously gotten a cert before the change and even though it was sha256 it wasn't working. After re-issuing there was no problem. |
|
Chrome 41 on Mac OSX and Chrome OS is now doing the "neutral security" thing for Rapid SSL SHA-256 certs that expire after 1/1/2017 because there's still a SHA-1 certificate in the chain (GeoTrust Global CA). Neutral security means no "green lock" icon, but no explicit warning either. I'm waiting for a response from them, but unless they plan on updating their whole certificate chain very soon, the answer will probably be requesting expiration of 12/31/2016 or earlier when having certificates issued. UPDATED: RapidSSL documents on using their intermediate CA "bundles" all include the GeoTrust intermediate CA signed by Equifax. That intermediate ("primary intermediate") is no longer needed with the SHA-256 certificates currently being issued, you only need the RapidSSL secondary intermediate. If you have the additional SHA-1 intermediate, then SSLLabs will show two certification paths, and the second one, with the SHA-1 signed GeoTrust certificate, will cause Chrome to display the neutral security warning. Tl; Dr: for Rapid SSL intermediate certificates, you only want the one ending in "mJMcCaY". If you also have the one ending in "mHyhD8S", it will trigger Google's SHA-1 chain warning. |
|
Too much problem, not gonna renew RapidSSL time to move on ;p |
|
how i can get intermediate and root from geotrust portal ? i am dont have login access. i have intermediate, looking for root. -----BEGIN CERTIFICATE----- PLEASE HELP. |
|
@charan9 You shouldn't need the root unless you're attempting to support very old clients with very old trusted root lists. The cert ending in JMcCaY should terminate at a trusted GeoTrust Global Root certificate pre-installed on modern OSes. That said, if you ARE supporting ancient clients, you can't include the root certificate in your intermediate chain -- they would need to install the roots themselves. They can get the required root certificate from the link below, I believe the certificate in question is listed as "Root 2 - GeoTrust Global CA": |
|
Ran into an issue while generating a CSR for Symantec, it kept telling me that the CSR was not in a valid format: "The submitted CSR is not a properly formatted CSR. Generate and submit a valid CSR" Found this advice in their documentation, which fixed it: "Please do not enter an email address, challenge password or an optional company name when generating the CSR." Hope this helps. |
|
Hi, wildcard : _.abcdinteractive.com Google is not helping on this error, if some one can guide in this it will be great help for me. Thanks |
|
For a wildcard cert you need to set the CN to — On Thu, Apr 30, 2015 at 12:44 PM, charan9 notifications@github.com
|
|
Jonny... my mistake .. thats typo i used *.abcdinteractive.com for generating. |
|
Can you possibly copy/paste the whole output into a gist? — On Thu, Apr 30, 2015 at 12:55 PM, charan9 notifications@github.com
|
|
jonny
Thanks |
|
@charan9 not sure what you're using there to generate a certificate request, but I'd recommend you go the plain old command line route. These instructions should get you going: http://www.rackspace.com/knowledge_center/article/generate-a-csr-with-openssl |
|
For those with RapidSSL, I think I got OCSP working now with the SHA256 certs. I say think because SSLLabs test is saying no, but openssl testing commands are saying yes. Here are the keys I had to use: Credit for this goes here. FWIW, maybe someone can help me with why my SSLLabs test is giving me a "No" on OCSP stapling, but this command is not: > echo QUIT | openssl s_client -connect example.com:443 -status 2> /dev/null | grep -A 17 'OCSP response:' | grep -B 17 'Next Update'Result: |
|
Hi All, What could be the best option to continue in certificate domain. what kind of training i need to take to Any advices will be appreciated. Thanks |
|
i am generating sha1 csr with 2048 bit and using for procuring sha256 certificate. Will this create any security issue in future ? as we are migrating to sha2. Thanks |
|
@charan9 Most places don't care what sig your CSR uses. I suspect that by now, in mid-2015, "most" has become "all", and you should be fine no matter what. Ring in here if you see any issues. |
|
No dice after the reissue though, get incomplete cert warning with SSL Labs...sigh ;-) |
|
Got it sorted, with the help of this excellent github project. No idea where the intermediate cert (that the above tool found) came from, but it's not the one provided by GeoTrust in my comment above. |
|
After some struggle with the Geotrust certs, it appears there's an extra cross root you can add that fixes verification errors on certain platforms (in my case it was a customer complaining about Pidgin on Windows XP showing a certificate warning). The cross root is at https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1426 and the entire intermediate cert needed to get it to work without errors is this: For Geotrust certs (in my case, the RapidSSL domain validation certificates) this resolved all my verification errors on every platform. |
|
Hi ALL, https://www.sslshopper.com/ssl-checker.html#hostname=moneycenter.yodlee.com i am using below chain to link. Please suggest why i am getting this and which chain i need to bind. INTERMEDIATE:- (thawte_SSL_SHA2_CA_G2 ) ROOT: -----BEGIN CERTIFICATE----- Thanks |
and others
@justinmayer is having trouble with RapidSSL. @JoshData had trouble with GoDaddy, he was told he had to "re-key" his certs.
Any hiccups people might run into when responding to the site should be proactively listed.
The text was updated successfully, but these errors were encountered: