Bug 921117

Same for F17.

Same problem in F18 with domaine name as argument.

Same for F17, using genkey from crypto-utils-2.4.1-39.fc17.x86_64 (currently the latest).

This is caused by a change that came when we updated to nss 3.14 from upstream.
Support for certificate signatures using the MD5 hash algorithm is now disabled by default. - https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14_release_notes
NSS always gives the user a way for the user to override changes for compatibility. Setting a runtime environment variable via NSS_HASH_ALG_SUPPORT=+MD5 should solve your problem. 

This a temporary and longer term genkey should use a more secure digest algorithm. In my opinion you shouldn't have to go around overriding default's. Our tools should do the right thing for you. The burden is on me.

I've confirmed that running "export NSS_HASH_ALG_SUPPORT=+MD5" before genkey means the cert can be generated.

(In reply to junk from comment #5)
> I've confirmed that running "export NSS_HASH_ALG_SUPPORT=+MD5" before genkey
> means the cert can be generated.

For me it's not working (Fedora 19). I get same error w/o NSS_HASH_ALG_SUPPORT.

Linux skipper 3.9.9-302.fc19.x86_64 #1 SMP Sat Jul 6 13:41:07 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

Same for F19

What if in addition to export NSS_HASH_ALG_SUPPORT=+MD5 you also set  
export NSS_ALLOW_WEAK_SIGNATURE_ALG=1, does it work then?

Same behavior with Fedora 20 Alpha.

crypto-utils-2.4.1-44.fc20.x86_64

I was able to create a self signed cert on F19 when both settings were applied.

Default config still fails in Fedora 20. It's also worth noting that overriding the disabling of the MD5 digest algorithm creates a certificate which many browsers will not trust at all which renders this tool pretty useless.

Commit: http://pkgs.fedoraproject.org/gitweb/?p=crypto-utils.git;a=commitdiff;h=900400f9a8e2cb8aad10b8a66aac65d2c0af0f60
Package: crypto-utils-2.4.1-45.fc21
Build: https://koji.fedoraproject.org/koji/buildinfo?buildID=493045

Commit: http://pkgs.fedoraproject.org/gitweb/?p=crypto-utils.git;a=commitdiff;h=900400f9a8e2cb8aad10b8a66aac65d2c0af0f60
Package: crypto-utils-2.4.1-45.fc20
Build: https://koji.fedoraproject.org/koji/buildinfo?buildID=493061

crypto-utils-2.4.1-45.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/crypto-utils-2.4.1-45.fc20

Commit: http://pkgs.fedoraproject.org/gitweb/?p=crypto-utils.git;a=commitdiff;h=900400f9a8e2cb8aad10b8a66aac65d2c0af0f60
Package: crypto-utils-2.4.1-45.fc19
Build: https://koji.fedoraproject.org/koji/buildinfo?buildID=493076

crypto-utils-2.4.1-45.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/crypto-utils-2.4.1-45.fc19

*** Bug 1017960 has been marked as a duplicate of this bug. ***

Package crypto-utils-2.4.1-46.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing crypto-utils-2.4.1-46.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-1390/crypto-utils-2.4.1-46.fc19
then log in and leave karma (feedback).

crypto-utils-2.4.1-46.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

crypto-utils-2.4.1-48.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.