This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal


Feb 12, 2014, 2:36 PM
5 Posts

Certificate signature does not match contents

  • Category: Domino Server
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Tags:
  • Replies: 4

We have obtained the 3rd party certificate for SSL from GoDaddy.com.  I need to import and merge the root certificates and merge them with the keyring using the certsvr.nsf.  This is the root certificate we received.  https://certs.godaddy.com/anonymous/repository.pki?streamfilename=gd_bundle-g2-g1.crt&actionMethod=anonymous%2Frepository.xhtml%3Arepository.streamFile%28%27%27%29&cid=273606

In principle, there are 3 certificates included.  I am able to import and merge the first root certificate.  When I try to import the second certificate, I get the "certificate signature does not match contents" error and hence cannot continue.  Has anybody experienced the same or similar problems who can help me?

Feb 12, 2014, 6:35 PM
48 Posts
Certificate signature does not match contents
This error can occur if you try to merge an SSL certificate whose signature is hashed using SHA-256 RSA. Since the certificate is signed using SHA-256 RSA, the keyring file cannot accept it and an error dialog appears saying that the certificate signature does not match its contents.

To resolve this issue, create an SSL certificate using SHA-1 hash algorithm, not a SHA-256 hash algorithm.

Also see : http://www-01.ibm.com/support/docview.wss?uid=swg21258098
Feb 13, 2014, 5:28 AM
5 Posts
Solved

Hi Tom, thank you very much, your suggestion to use SHA-1 worked perfectly.

May 5, 2014, 5:29 PM
1 Posts
Deprecation?

So, what happens once SHA1 is deprecated in its entirety?  The deprecation date is 2017-01-01 for Windows to stop accepting SHA1.  We're well within the 5-year issuance period and we can't issue updated SHA2 certs to Domino servers?  Sounds entirely bad for business to me.  Especially on Domino 9.

Oct 21, 2014, 8:17 PM
12 Posts
SHA2 works but TLS for Windows and Unix use tips


I guess in the context of POODLE, TLS, not SHA-2, is critical, but anyway, here is how to get SHA-2 working with Domino 9 without IBM HTTP.

http://www.infoware.com/?p=1592
TLS is NOT SOLVED by this, only SHA-2.

For Windows use IHS integration

Regards
Mats

 

