[Djigzo users] Windows xp does not accept the root certificate
christine at christine.nl
Thu Jul 16 15:09:44 CEST 2009
Andreas Schubert wrote:
> what is the disadvantage i we use certs with sha1?
"sha256 is more secure, while sha1 is more widely used", as wikipedia
SHA1 uses a 160 bits digest which is easier to break than a 256bits
digest. But of course, if windows xp doesn't support sha256, you
shouldn't use sha256 if you think you'll communicate with people who are
still on windows xp.
As long as you don't specifically want to protect your email against
government agencies or against criminals with tens of millions of
dollars available to break just your email, any of these algorithms
should be secure enough.
However, you create your CA for the next half decade or so, so you want
to be certain that your hashes are still secure five years from now. As
always, there's a tradeoff between security on the one hand, and ease of
use on the other.
At any rate, I'm glad you found the problem :-)
> thank you for your help.
> Andreas Schubert
> Transline Deutschland Dr.-Ing. Sturz GmbH
> "Martijn Brinkers" <m.brinkers at pobox.com> wrote on 15.07.2009 21:58:29:
>> That's really strange. I have tested it with different windows xp
>> installations. Also others have been able to import the pfx without
>> problems. So the main question now is what's different in your setup?
>> I have seen problems installing certs in the past when access to the
>> registry was refused for some actions (the certs are imported into the
>> registry). Perhaps a virus scanner does not allow you to install a
>> root? What happens when you install only the root (as a cer file) into
>> the root store? Is it also installed into the intermediate store?
>> Kind regards
>> --- sent from Blackberry
> Users mailing list
> Users at lists.djigzo.com
dagdag is just a two-character rotation of byebye.
More information about the Users