You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I asked the LXD-UI (from LXD latest/edge) to generate a certificate and got one using RSA-2048 with SHA1 signature. Both are sub-optimal in terms of security. ECDSA P-384 with SHA384 would be in line with what the CLI client generates. Also, the C and ST fields in the Issuer and Subject fields should probably be dropped instead of getting invalid values.
$ openssl x509 -text -noout -in ~/Downloads/lxd-ui-v1.lxd.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:76:00:09:17:06:88:00:09:21:09:13:04:24:00:22
Signature Algorithm: sha1WithRSAEncryption
Issuer: C = AU, ST = Some-State, O = LXD UI v1.lxd (Browser Generated)
Validity
Not Before: Jan 30 18:27:56 2025 GMT
Not After : Oct 27 18:27:56 2027 GMT
Subject: C = AU, ST = Some-State, O = LXD UI v1.lxd (Browser Generated)
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
...
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
...
I get a similarly looking certificate with Firefox 134.0.2 and Chromium 132.0.6834.83.
The text was updated successfully, but these errors were encountered:
I asked the LXD-UI (from LXD
latest/edge) to generate a certificate and got one using RSA-2048 with SHA1 signature. Both are sub-optimal in terms of security. ECDSA P-384 with SHA384 would be in line with what the CLI client generates. Also, theCandSTfields in theIssuerandSubjectfields should probably be dropped instead of getting invalid values.I get a similarly looking certificate with Firefox 134.0.2 and Chromium 132.0.6834.83.
The text was updated successfully, but these errors were encountered: