Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Invalid Digital Signature of generated certificates

Go to answer
jeffreyman
Confirmed Champ
Confirmed Champ

‎02-10-2021 07:03 AM

Hi,

I use alfresco-ssl-generator to generate certificates for repository, solr and client. However, the generated certificates show "This certificate has an invalid digital signature" error. I have no idea how to fix it. Please help.

 image

Labels:
0 Kudos
1 ACCEPTED ANSWER

Go to answer
jeffreyman
Confirmed Champ
Confirmed Champ
In response to jeffreyman

‎02-10-2021 09:49 PM

Hi Sufo,

After install the new CA cert in local user, the certificates look good. I think it is a viewing problem, not certificate itself.

Thanks a lot.

View answer in original post

0 Kudos
17 REPLIES 17

Go to answer
jeffreyman
Confirmed Champ
Confirmed Champ
In response to sufo

‎02-10-2021 10:13 AM

Hi,

I have tried to re-download the tool and clean all folder inside "ssl-tool-win". However, the result is same, that is invalid digital signature.

Do you have expereience on alfresco-ssl-generator tool?

0 Kudos

Go to answer
sufo
Star Contributor
Star Contributor
In response to jeffreyman

‎02-10-2021 10:30 AM

One quick idea. Did you remove old CA certificate from Trusted Root CAs? You have to import new CA certificate into the Trusted Root CAs in Windows. It depends if you installed in your user store or computer store. This may help you: https://www.thesslstore.com/knowledgebase/ssl-install/how-to-import-intermediate-root-certificates-u...

0 Kudos

Go to answer
jeffreyman
Confirmed Champ
Confirmed Champ
In response to sufo

‎02-10-2021 10:39 AM

Hi,

To my understanding, it seems not relate to windows certificate manager. It is stored in the keystore/truststore. Attached is the windows trust root ca.

image

0 Kudos

Go to answer
sufo
Star Contributor
Star Contributor
In response to jeffreyman

‎02-10-2021 10:57 AM

Go to the ca\certs directory and copy ca.cert.pem to ca.cert.crt. Double-click on ca.cert.crt and you should see that it is not trusted. You have to ad it to trusted certificates. I think that you have added previous CA certificate to your personal store not the computer store. Check it too.
 image

0 Kudos

Go to answer
jeffreyman
Confirmed Champ
Confirmed Champ
In response to sufo

‎02-10-2021 11:13 AM

HI,

I haved added the CA cert into local machine. I can see the generated cert is using new CA cert. However, the cert is still invalid digital signature. Any idea?

0 Kudos

Go to answer
sufo
Star Contributor
Star Contributor
In response to jeffreyman

‎02-10-2021 01:05 PM

But, did you remove the old CA cert from trusted certificates? I think that this is the issue.

Run this command in the directory where you have run.cmd:

openssl verify -CAfile ca\certs\ca.cert.pem certificates\repository.cer
0 Kudos

Go to answer
jeffreyman
Confirmed Champ
Confirmed Champ
In response to sufo

‎02-10-2021 08:39 PM

Hi,

Here is result.

certificates/repository.cer: OK

0 Kudos

Go to answer
jeffreyman
Confirmed Champ
Confirmed Champ
In response to jeffreyman

‎02-10-2021 09:49 PM

Hi Sufo,

After install the new CA cert in local user, the certificates look good. I think it is a viewing problem, not certificate itself.

Thanks a lot.

0 Kudos
Getting started

Explore our Alfresco products with the links below. Use labels to filter content by product module.

Copyright © 2024 Khoros, LLC