Re: ECC Self-Signed Certificate

Wed, 13 Feb 2008 05:00:49 -0800 

On Wed, Feb 13, 2008 at 12:40:18AM -0500, Nabil Ghadiali wrote:

> Can someone help me with the command to generate a self-signed certificate
> using openssl?
> 
>  
> 
> I have used the following steps and when I get a certificate and open up it
> says "the signature is invalid". Am I missing something?

What does "open it up" mean? The self-signed EC cert you posted looks
fine.

$ openssl verify -CAfile foo.pem -purpose crlsign foo.pem
foo.pem: OK

$ openssl x509 -text -in foo.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            d2:4e:d0:af:62:63:da:1b
        Signature Algorithm: ecdsa-with-SHA1
        Issuer: C=US, ST=Some-State, O=Internet Widgits Pty Ltd
        Validity
            Not Before: Feb 13 05:37:39 2008 GMT
            Not After : Feb 12 05:37:39 2009 GMT
        Subject: C=US, ST=Some-State, O=Internet Widgits Pty Ltd
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:f3:26:32:97:d1:db:f9:e6:18:40:53:95:f7:67:
                    f7:ab:52:25:96:aa:58:d2:8e:dc:6d:d3:a5:e5:5d:
                    11:95:e7:73:f9:b3:24:df:5e:4f:b1:5e:55:49:66:
                    3e:a4:39:3c:c5:a4:74:f0:a3:62:35:94:23:aa:e5:
                    db:83:67:07:35
                ASN1 OID: prime256v1
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:9B:18:14:7F:52:88:EB:C5:86:BE:B3:68:9E:BE:39:F3:A6:2B:E2
            X509v3 Authority Key Identifier:
                
keyid:E6:9B:18:14:7F:52:88:EB:C5:86:BE:B3:68:9E:BE:39:F3:A6:2B:E2
                DirName:/C=US/ST=Some-State/O=Internet Widgits Pty Ltd
                serial:D2:4E:D0:AF:62:63:DA:1B

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: ecdsa-with-SHA1
        30:45:02:21:00:a7:58:a0:52:62:be:42:dd:53:83:6d:4c:c4:
        4f:dd:96:24:56:f5:f8:6b:76:ec:3f:cf:fa:0b:41:8c:6c:4b:
        85:02:20:24:00:ae:a7:fb:1b:37:cf:77:f6:3e:2e:47:22:ed:
        ba:21:0b:79:32:31:3a:07:2b:2f:32:0e:81:4f:8c:eb:b0
-----BEGIN CERTIFICATE-----
MIICJzCCAc6gAwIBAgIJANJO0K9iY9obMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
VVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdp
dHMgUHR5IEx0ZDAeFw0wODAyMTMwNTM3MzlaFw0wOTAyMTIwNTM3MzlaMEUxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5l
dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATzJjKX
0dv55hhAU5X3Z/erUiWWqljSjtxt06XlXRGV53P5syTfXk+xXlVJZj6kOTzFpHTw
o2I1lCOq5duDZwc1o4GnMIGkMB0GA1UdDgQWBBTmmxgUf1KI68WGvrNonr4586Yr
4jB1BgNVHSMEbjBsgBTmmxgUf1KI68WGvrNonr4586Yr4qFJpEcwRTELMAkGA1UE
BhMCVVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdp
ZGdpdHMgUHR5IEx0ZIIJANJO0K9iY9obMAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0E
AQNIADBFAiEAp1igUmK+Qt1Tg21MxE/dliRW9fhrduw/z/oLQYxsS4UCICQArqf7
GzfPd/Y+Lkci7bohC3kyMToHKy8yDoFPjOuw
-----END CERTIFICATE-----

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to