Invalid Digital Signature of generated certificates

cancel
Showing results for 
Search instead for 
Did you mean: 
jeffreyman
Active Member II

Re: Invalid Digital Signature of generated certificates

Jump to solution

Hi,

I have tried to re-download the tool and clean all folder inside "ssl-tool-win". However, the result is same, that is invalid digital signature.

Do you have expereience on alfresco-ssl-generator tool?

sufo
Established Member II

Re: Invalid Digital Signature of generated certificates

Jump to solution

One quick idea. Did you remove old CA certificate from Trusted Root CAs? You have to import new CA certificate into the Trusted Root CAs in Windows. It depends if you installed in your user store or computer store. This may help you: https://www.thesslstore.com/knowledgebase/ssl-install/how-to-import-intermediate-root-certificates-u...

jeffreyman
Active Member II

Re: Invalid Digital Signature of generated certificates

Jump to solution

Hi,

To my understanding, it seems not relate to windows certificate manager. It is stored in the keystore/truststore. Attached is the windows trust root ca.

Capture.PNG

sufo
Established Member II

Re: Invalid Digital Signature of generated certificates

Jump to solution

Go to the ca\certs directory and copy ca.cert.pem to ca.cert.crt. Double-click on ca.cert.crt and you should see that it is not trusted. You have to ad it to trusted certificates. I think that you have added previous CA certificate to your personal store not the computer store. Check it too.
 certstore.png

 

jeffreyman
Active Member II

Re: Invalid Digital Signature of generated certificates

Jump to solution

HI,

I haved added the CA cert into local machine. I can see the generated cert is using new CA cert. However, the cert is still invalid digital signature. Any idea?

sufo
Established Member II

Re: Invalid Digital Signature of generated certificates

Jump to solution

But, did you remove the old CA cert from trusted certificates? I think that this is the issue.

Run this command in the directory where you have run.cmd:

openssl verify -CAfile ca\certs\ca.cert.pem certificates\repository.cer
jeffreyman
Active Member II

Re: Invalid Digital Signature of generated certificates

Jump to solution

Hi,

Here is result.

certificates/repository.cer: OK

jeffreyman
Active Member II

Re: Invalid Digital Signature of generated certificates

Jump to solution

Hi Sufo,

After install the new CA cert in local user, the certificates look good. I think it is a viewing problem, not certificate itself.

Thanks a lot.