Page 1 of 1
certificate issues!
Posted: March 16th, 2016, 1:50 am
by blackkatt
Hi guys!
I'm trying out the new 1.0.0 version. When Sab is first launched I get this
Your connection is not secure
The owner of 127.0.0.1 has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
127.0.0.1:8014 uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. The certificate is only valid for SABnzbd
then if you add it as exception it says this
could not verify this certificate because it was signed using a signature algorithm that was disabled because that algorithm is not secure.
its seem that using a disabled algorithm for being insecure its the same as having no SSL at all, so please fix
PS: I created my own cert for now. So no need recommend doing that
Re: certificate issues!
Posted: March 16th, 2016, 2:40 am
by shypike
We've never used valid certificates, because that is impossible to.
All we can do is generate a self-signed certificate which you have to approve in your browser.
It's been like this for years.
Having a self-signed certificate is better than nothing.
Interception is not that easy, because the browser will not accept a modified certificate.
You're likely seeing the warning again because we switched from "localhost" to "127.0.0.1" as default host.
BTW: using HTTPS on a local-only connection is overkill.
Re: certificate issues!
Posted: March 16th, 2016, 2:44 am
by blackkatt
You are missing the point
"could not verify this certificate because it was signed using a signature algorithm that was disabled because that algorithm is not secure."
the self-signed /created cert is falud. Creating your own at
http://www.selfsignedcertificate.com/ won't use an "disabled algorithm" =)
Re: certificate issues!
Posted: March 16th, 2016, 3:59 am
by safihre
Interesting, what OS are you on?
I just tried it on Ubuntu with Firefox and it would still let me visit the page after adding the exception, no message about the signature algorithm.
Also on Win10 using Firefox and Chrome it doesn't mention anything about the signature.
Maybe Sander has an idea why there's a problem with the signatures? Do we use an old one? Seems pretty standard stuff in certgen.py.
Re: certificate issues!
Posted: March 16th, 2016, 4:47 am
by shypike
It seems that we're using a outdated signing method.
We'll need to upgrade this in the next release, although it will only fix the issue for new installations.
@blackkat
1.0.0 will reuse certificates from 0.7.20, which have the same issue.
Re: certificate issues!
Posted: March 16th, 2016, 10:55 am
by sander
safihre wrote:
Maybe Sander has an idea why there's a problem with the signatures? Do we use an old one? Seems pretty standard stuff in certgen.py.
Nope; I just tested it on Windows, and for me it works with Chrome, Firefox and IE. Well ... as long as you order your browser to accept the invalid certificates.
Re: certificate issues!
Posted: March 16th, 2016, 11:36 am
by blackkatt
safihre wrote:Interesting, what OS are you on?
I just tried it on Ubuntu with Firefox and it would still let me visit the page after adding the exception, no message about the signature algorithm.
Also on Win10 using Firefox and Chrome it doesn't mention anything about the signature.
it will, u just have to look. in firefox get to "page info/security" then view certificate
shypike wrote:It seems that we're using a outdated singing method.
We'll need to upgrade this in the next release, although it will only fix the issue for new installations.
@blackkat
1.0.0 will reuse certificates from 0.7.20, which have the same issue.
that's why I signed my own, but you could always inform users about it, i bet they would like to know
thnx for the fast replay, its always nice with devs that listens. no idea when they disabled that algo, but we all have had this problem sense then and non has notice hehe.
Re: certificate issues!
Posted: March 16th, 2016, 1:18 pm
by shypike
Blackkatt is right.
We'll fix this.
Re: certificate issues!
Posted: March 18th, 2016, 2:53 am
by sander
shypike wrote:Blackkatt is right.
We'll fix this.
SP, can you explain what the problem is? "Outdated" is the cause? If so: it looks OK on my system:
Code: Select all
Issued On Tuesday, July 8, 2014 at 10:41:39 PM
Expires On Friday, July 5, 2024 at 10:41:39 PM
Re: certificate issues!
Posted: March 18th, 2016, 2:58 am
by safihre
The signing algorithm that was used to create them, according to Firefox.
Re: certificate issues!
Posted: March 18th, 2016, 3:27 am
by sander
safihre wrote:The signing algorithm that was used to create them, according to Firefox.
Strange; my Firefox 45.0 has no problems after I confirm I want to add
https://127.0.0.1:9090/ as an exception.
@safihre: are you able to reproduce it with your Firefox?
Re: certificate issues!
Posted: March 18th, 2016, 3:55 am
by shypike
Chrome says:
"The Server's certificate is signed using a weak signature algorithm."
Enough said: will be fixed in 1.0.1 or 1.1.0