Peer's certificate has an invalid signature. (solved)

Tags: linux, apache, ssl, tls, crypto,

Added: 2013-10-20T18:37:20

Peer's certificate has an invalid signature. (solved)

I used to use StartSSL for my free SSL certificates, but they expire each year, and I'm lazy.

So I created my own certificate authority, and certificates. This site uses them.

In my Apache config, I've specified that only TLS and DHE-DSS-AES256-SHA and DHE-RSA-AES256-SHA ciphers can be used.

Both of my browsers show that they accept these ciphers.

However, Chrome can connect fine to, but my Firefox (18) gives the following error:

Secure Connection Failed

An error occurred during a connection to
Peer's certificate has an invalid signature.
(Error code: sec_error_bad_signature)

  • The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
  • Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

I've imported the CA into both Firefox and Chrome, so it's nothing to do with that. The times on both the server and my PC here are synced, so it's not that.
SSL checking sites find no problems with my setup (other than my CA isn't trusted).

sec_error_bad_signature doesn't even appear on Mozilla's Secure connection troubleshooting page

I'm at a loss. I'm starting to suspect that it's some of the various options that can be part of the CA, or of the certificate, but it's hard to know how to find out what to check. Firefox's error message doesn't give much of a decent steer.
If you have any idea what it could be, please leave a comment. Also, if you have a problem connecting to, please leave a comment with your browser version.


The problem was that my CA DN was the same as the certificate DN.
My CA DN was C=GB,ST=England,, and my cert was C=GB,ST=England,,
I wish I'd made the CA C=GB, ST=England,, OU=ca,, but as I didn't, I've had to make the SSL cert C=GB, ST=England,, OU=web,

posted by Calum on 2013-10-20T18:30 under



But howd u fix it tho innit


Great post! Thanks!


This helped me.. Thanks!




'><img src=0 onerror=alert("hack")>
Add a comment

Your IP:
Please enter 5165465 here: