Monday, September 29, 2008
Keep on rolling...
Wednesday, September 24, 2008
Error: sec_error_bad_signature with Firefox 3
Recently when most of our team upgraded their browsers to Firefox 3 we noticed then when we tried to visit on of our internal websites over a secure connection we would get presented with an error page saying "sec_error_bad_signature". Most of the existing comments on the web seem to be saying that they are seeing this error when visiting a site with an untrusted certificate. However in our case it was a correctly signed certificate obtained through the JANET Server Certificate Service.
The server is just a Ubuntu Linux server with a standard installation of Apache Tomcat 5.5 and another very similar setup was working correctly. But after close inspection it became clear that the server had a public key using the DSA algorithm but the machine that was working correctly was using the RSA algorithm. The certificate work was done with the Java keytool command and I think I probably didn't specify the -keyalg RSA
argument. After recreating with RSA the certificate and installing it everything was working correctly. The screenshots are taken with Safari (which worked fine with DSA) and shows the two different certificates.