Certificate signature does not match contents

hcl-bot · February 12, 2014, 9:36am

We have obtained the 3rd party certificate for SSL from GoDaddy.com. I need to import and merge the root certificates and merge them with the keyring using the certsvr.nsf. This is the root certificate we received. Repository https://certs.godaddy.com/anonymous/repository.pki?streamfilename=gd_bundle-g2-g1.crt&actionMethod=anonymous%2Frepository.xhtml%3Arepository.streamFile('')&cid=273606

In principle, there are 3 certificates included. I am able to import and merge the first root certificate. When I try to import the second certificate, I the the “certificate signature does not match contents” and hence cannot continue. Has anybody experienced the same or similar problems who can help me ?

hcl-bot · May 5, 2014, 12:29pm

Subject: Deprecation?

So, what happens once SHA1 is deprecated in its entirety? The deprecation date is 2017-01-01 for Windows to stop accepting SHA1. We’re well within the 5-year issuance period and we can’t issue updated SHA2 certs to Domino servers? Sounds entirely bad for business to me. Especially on Domino 9.

hcl-bot · February 13, 2014, 12:28am

Subject: Solved

Hi Tom, thank you very much, your suggestion to use SHA-1 worked perfectly.

hcl-bot · February 12, 2014, 1:35pm

Subject: Certificate signature does not match contents

This error can occur if you try to merge an SSL certificate, whose signature is hashed using SHA-256 RSA. Since the certificate is

signed using SHA-256 RSA, the keyring file cannot accept it and an error dialog appears saying that the certificate signature does

not match its contents.

To resolve this issue, create an SSL certificate using SHA-1 hash algorithm, not a SHA-256 hash algorithm.

Also see : http://www-01.ibm.com/support/docview.wss?uid=swg21258098 http://www-01.ibm.com/support/docview.wss?uid=swg21258098

hcl-bot · October 21, 2014, 3:17pm

Subject: SHA2 works but TLS for Windows and Unix use tips

SHA2 works but TLS for Windows and Unix use tips

I guess in the context of Poodle TLS not SHA-2 is critical, but anyway here is how to get SHA-2 working with Domino 9 without IBM HTTP.

http://www.infoware.com/?p=1592 http://www.infoware.com/?p=1592
TLS is NOT SOLVED by this only SHA-2.
For Windows use IHS integration For unix look at this link Darren Duke Blog Zone http://blog.darrenduke.net/darren/ddbz.nsf/dx/here-is-a-freely-available-vm-to-reverse-proxy-domino-shoot-the-poodle.htm
Regards
Mats