From now on, certificates from CAcert are signed using SHA512 as the signature hash algorithm. With this change, CAcert improves the security of newly issued certificates compared with the previously used algorithm, the usual industry standard for certificate authorities. Previously issued certificates remain valid, of course. Due to limitations in Microsoft Windows XP without Service Pack 3, the new signatures cannot be validated there. Updating to at least Microsoft Windows XP with Service Pack 3, or to something better (e.g. Linux), eliminates this limitation.
One thought on “CAcert with new signature algorithm”
Users and systems utilizing services linking gnutls who are having problems with the new certificates may want to be aware of the following bug filed against gnutls:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740160