Can you be more specific about what your problem is? The cert appears
to be a self-signed cert.
The command "openssl x509 -in test.pem -noout -text" generates:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d2:4e:d0:af:62:63:da:1b
Signature Algorithm: ecdsa-with-SHA1
Issuer: C=US, ST=Some-State, O=Internet Widgits Pty Ltd
Validity
Not Before: Feb 13 05:37:39 2008 GMT
Not After : Feb 12 05:37:39 2009 GMT
Subject: C=US, ST=Some-State, O=Internet Widgits Pty Ltd
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
EC Public Key:
pub:
04:f3:26:32:97:d1:db:f9:e6:18:40:53:95:f7:67:
f7:ab:52:25:96:aa:58:d2:8e:dc:6d:d3:a5:e5:5d:
11:95:e7:73:f9:b3:24:df:5e:4f:b1:5e:55:49:66:
3e:a4:39:3c:c5:a4:74:f0:a3:62:35:94:23:aa:e5:
db:83:67:07:35
ASN1 OID: prime256v1
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:9B:18:14:7F:52:88:EB:C5:86:BE:B3:68:9E:BE:39:F3:A6:2B:E2
X509v3 Authority Key Identifier:
keyid:E6:9B:18:14:7F:52:88:EB:C5:86:BE:B3:68:9E:BE:39:F3:A6:2B:E2
DirName:/C=US/ST=Some-State/O=Internet Widgits Pty Ltd
serial:D2:4E:D0:AF:62:63:DA:1B
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: ecdsa-with-SHA1
30:45:02:21:00:a7:58:a0:52:62:be:42:dd:53:83:6d:4c:c4:
4f:dd:96:24:56:f5:f8:6b:76:ec:3f:cf:fa:0b:41:8c:6c:4b:
85:02:20:24:00:ae:a7:fb:1b:37:cf:77:f6:3e:2e:47:22:ed:
ba:21:0b:79:32:31:3a:07:2b:2f:32:0e:81:4f:8c:eb:b0
Bill
________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nabil Ghadiali
Sent: February 13, 2008 12:40 AM
To: openssl-users@openssl.org
Subject: ECC Self-Signed Certificate
Can someone help me with the command to generate a self-signed
certificate using openssl?
I have used the following steps and when I get a certificate and open up
it says "the signature is invalid". Am I missing something?
I have created an ECC key pair using the following:
openssl ecparam -out key.pem -name prime256v1 -genkey
I create the request using the following
openssl req -new -key key.pem -out req.pem
I create the self-signed certificate using the following
openssl req -x509 -in req.pem -days 365 -key key.pem
I cannot tell why the certificate that is generated doesn't work. I am
pasting the generated certificate as well
-----BEGIN CERTIFICATE-----
MIICJzCCAc6gAwIBAgIJANJO0K9iY9obMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
VVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdp
dHMgUHR5IEx0ZDAeFw0wODAyMTMwNTM3MzlaFw0wOTAyMTIwNTM3MzlaMEUxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5l
dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATzJjKX
0dv55hhAU5X3Z/erUiWWqljSjtxt06XlXRGV53P5syTfXk+xXlVJZj6kOTzFpHTw
o2I1lCOq5duDZwc1o4GnMIGkMB0GA1UdDgQWBBTmmxgUf1KI68WGvrNonr4586Yr
4jB1BgNVHSMEbjBsgBTmmxgUf1KI68WGvrNonr4586Yr4qFJpEcwRTELMAkGA1UE
BhMCVVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdp
ZGdpdHMgUHR5IEx0ZIIJANJO0K9iY9obMAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0E
AQNIADBFAiEAp1igUmK+Qt1Tg21MxE/dliRW9fhrduw/z/oLQYxsS4UCICQArqf7
GzfPd/Y+Lkci7bohC3kyMToHKy8yDoFPjOuw
-----END CERTIFICATE-----
Thanks,
Nabil
