user917879

Reputation: 137

This certificate has an invalid digital signature - sha224

I am using nodejs as an HTTPS server and trying to test it using sha224 as the signature digest, but I received the error "This certificate has an invalid digital signature" and am unable to access my website. I tried sha256/sha384/sha512 and they work fine; only sha224 fails/is rejected.

Below are all the signature digests I tried:

  1. //sha224 - fail

    openssl req -nodes -sha224 -newkey rsa:2048 -keyout PrivateKey_sha224.key -out CertificateRequest_sha224.csr

    openssl x509 -req -days 365 -sha224 -in CertificateRequest_sha224.csr -signkey PrivateKey_sha224.key -out my224.crt

  2. //sha256 - ok

    openssl req -nodes -sha256 -newkey rsa:2048 -keyout PrivateKey_sha256.key -out CertificateRequest_sha256.csr

    openssl x509 -req -days 365 -sha256 -in CertificateRequest_sha256.csr -signkey PrivateKey_sha256.key -out my256.crt

  3. //sha384 - ok

    openssl req -nodes -sha384 -newkey rsa:2048 -keyout PrivateKey_sha384.key -out CertificateRequest_sha384.csr

    openssl x509 -req -days 365 -sha384 -in CertificateRequest_sha384.csr -signkey PrivateKey_sha384.key -out my384.crt

  4. //sha512 - ok

    openssl req -nodes -sha512 -newkey rsa:2048 -keyout PrivateKey_sha512.key -out CertificateRequest_sha512.csr

    openssl x509 -req -days 365 -sha512 -in CertificateRequest_sha512.csr -signkey PrivateKey_sha512.key -out my512.crt

Back-end Code

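    var fs = require('fs');
    var https = require('https');

    // Certificate and key generated by the openssl commands above
    var certificate = fs.readFileSync('my224.crt');
    var privateKey = fs.readFileSync('PrivateKey_sha224.key');

    var credentials = {
        cert: certificate,
        key: privateKey,
        honorCipherOrder: false,
        ciphers: 'TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL:!3DES',
        secureProtocol: "TLSv1_2_method"
    };
    // app is the application's request handler, defined elsewhere
    var httpsServer = https.createServer(credentials, app);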

Error of sha224:


Upvotes: 1

Views: 988

Answers (1)

LAL

Reputation: 31

I ran into this same issue and the problem is with modern browsers not supporting SHA-224 as it is considered insecure.

You should use SHA-256 or higher. You could also change your browser setting to allow insecure signatures.

Upvotes: 0
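
To confirm which signature algorithm a certificate actually carries before deploying it, the following added example (not part of the original question or answer) reads the outer signatureAlgorithm OID from a PEM or DER certificate and checks it against an allow-list. The allow-list is an assumption that mirrors the digests the question reports as working; `checkCertSignature`, `readTlv`, `decodeOid` and `sample` are names chosen for this example, and the sample input is a constructed DER skeleton, not a real certificate.

```javascript
const SIG_OIDS = {                                   // RSA PKCS#1 v1.5 signature algorithm OIDs
  '1.2.840.113549.1.1.11': 'sha256WithRSAEncryption',
  '1.2.840.113549.1.1.12': 'sha384WithRSAEncryption',
  '1.2.840.113549.1.1.13': 'sha512WithRSAEncryption',
  '1.2.840.113549.1.1.14': 'sha224WithRSAEncryption',
};
// Assumption: the allow-list mirrors the digests the question reports as working.
const ACCEPTED = new Set(['sha256WithRSAEncryption', 'sha384WithRSAEncryption', 'sha512WithRSAEncryption']);

// Read one DER tag-length-value header; returns the tag and the bounds of the value.
function readTlv(buf, off) {
  if (off + 2 > buf.length) throw new Error('truncated DER');
  let len = buf[off + 1], start = off + 2;
  if (len & 0x80) {                                  // long form: next n bytes hold the length
    const n = len & 0x7f;
    if (n === 0 || n > 4 || start + n > buf.length) throw new Error('bad DER length');
    len = buf.readUIntBE(start, n); start += n;
  }
  if (start + len > buf.length) throw new Error('truncated DER');
  return { tag: buf[off], start, end: start + len };
}

// Decode OID content bytes (base-128 arcs) into dotted notation.
function decodeOid(bytes) {
  const arcs = [Math.floor(bytes[0] / 40), bytes[0] % 40];
  let v = 0;
  for (const b of bytes.subarray(1)) {
    v = v * 128 + (b & 0x7f);
    if (!(b & 0x80)) { arcs.push(v); v = 0; }        // high bit clear ends the arc
  }
  return arcs.join('.');
}

// Accepts a PEM string/Buffer or a DER Buffer.
function checkCertSignature(input) {
  const pem = /-----BEGIN CERTIFICATE-----([\s\S]+?)-----END CERTIFICATE-----/.exec(input.toString('latin1'));
  const der = pem ? Buffer.from(pem[1], 'base64') : Buffer.from(input);
  const cert = readTlv(der, 0);                      // Certificate ::= SEQUENCE {
  const tbs = readTlv(der, cert.start);              //   tbsCertificate,
  const alg = readTlv(der, tbs.end);                 //   signatureAlgorithm,
  const oidTlv = readTlv(der, alg.start);            //     algorithm OID
  if (cert.tag !== 0x30 || tbs.tag !== 0x30 || alg.tag !== 0x30 || oidTlv.tag !== 0x06) throw new Error('not an X.509 certificate');
  const oid = decodeOid(der.subarray(oidTlv.start, oidTlv.end));
  const name = SIG_OIDS[oid] || 'unknown';
  return { oid, name, accepted: ACCEPTED.has(name) };
}

// Constructed sample: DER skeleton with a dummy tbsCertificate and signature (not a real certificate).
const sample = (lastArc) => Buffer.from('30183003020102300d06092a864886f70d0101' + lastArc + '0500' + '03020000', 'hex');
console.log(checkCertSignature(sample('0e')), checkCertSignature(sample('0b')));
```

On a real file, pass the contents of the `.crt` (for example via `fs.readFileSync`) to `checkCertSignature`.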
