On Fri, Aug 15, 2008 at 8:15 PM, Larry Bugbee <[EMAIL PROTECTED]> wrote:
>> Is it possible to define other (SHA512, SHA256, etc)
>> SignatureAlgorithms for use?
>
> Yes, if you use 0.9.9-dev. Take a look at ftp.openssl.org. (Cert sigs
> using 0.9.8 always used SHA-1 regardless of how I attempted to specify
> SHA-256 etc.)

actually, i think i stumbled on the solution -- with 'just' openssl
version

  OpenSSL 0.9.8g 19 Oct 2007

seems the 'openssl req ...' step for cert signing ignores the settings
in openssl.cnf. at least, i have not found a setting that it does grab.

but, if in that original cert signing i specify,

  openssl req \
     -new -newkey rsa \
     -x509 \
-->  -sha512 \
     ...

then the cert picks that up, and i get the desired,

  openssl x509 -noout -text -in ca.crt | grep Signature
     Signature Algorithm: sha512WithRSAEncryption

not terribly clear to me in the docs.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
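
Added example (not part of the original thread): a script to check, on whatever OpenSSL build is installed, which digest a self-signed cert ends up with when the digest is set only in the config file versus passed as -sha512 on the command line. The config contents, file names, the rsa:2048 key size, the default_md value and the helper names sig_alg, make_cert and check_digest are assumptions made for the example.

```shell
#!/bin/sh
# Compare the certificate signature digest chosen from the config file
# with the one forced on the 'openssl req' command line.

# Print the signature algorithm recorded in a certificate.
sig_alg() {
    openssl x509 -noout -text -in "$1" |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# make_cert OUTFILE [extra 'openssl req' arguments]
make_cert() {
    out=$1; shift
    openssl req -config "$WORK/req.cnf" -new -newkey rsa:2048 -nodes \
        -x509 -days 1 -keyout "$WORK/key.pem" -out "$out" "$@" 2>/dev/null
}

# check_digest CERT EXPECTED: non-zero exit if the cert was signed
# with anything other than EXPECTED (usable as a CI gate).
check_digest() {
    [ "$(sig_alg "$1")" = "$2" ]
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed minimal config: the digest is requested only via default_md.
cat > "$WORK/req.cnf" <<'EOF'
[req]
default_md         = sha256
prompt             = no
distinguished_name = dn
[dn]
CN = constructed-test-ca
EOF

make_cert "$WORK/from_cnf.crt"            # digest left to the config file
make_cert "$WORK/from_cli.crt" -sha512    # digest forced on the command line

echo "version:       $(openssl version)"
echo "config only:   $(sig_alg "$WORK/from_cnf.crt")"
echo "-sha512 flag:  $(sig_alg "$WORK/from_cli.crt")"

if ! check_digest "$WORK/from_cnf.crt" sha256WithRSAEncryption; then
    echo "note: this build did not apply default_md from the config" >&2
fi
```

If the "config only" line does not show the digest named in default_md, the installed build is not applying the config setting and the digest flag has to be passed explicitly.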