Closed weppos closed 9 years ago
There is an ongoing thread about this that discusses complications and workarounds with common CA's: issue #24
Thanks for pointing this out, @weppos. I had wrongly assumed the -sha256
was a request for the signature algorithm -- actually, it's just what the CSR itself is signed with (which some CAs seem to take as a sign of what they should use for the cert).
I just updated the copy in ff91707 to de-emphasize signing the CSR with SHA-2, and to emphasize that each CA is different.
At https://shaaaaaaaaaaaaa.com/#sha2-certificate you wrote
Unfortunately, from my tests, it looks like most of the CA ignores the signature requested in the CSR.
You may want to add a note about it.