On Wed, Jul 08, 2009, rajanchittil wrote:

>
> I am also having the same problem. Has anyone got the solution for this ...
>
>
> My configure file has this entry
>
>
> [ req ]
> default_bits = 2048
> default_keyfile = $HOME/exampleca/private/cakey.pem
> default_md = sha1
> prompt = no
> distinguished_name = root_ca_distinguished_name
> x509_extensions = root_ca_extensions
>
> [ root_ca_distinguished_name ]
> commonName = Example CA
> stateOrProvinceName = Virginia
> countryName = US
> emailAddress = c...@exampleca.org
> organizationName = Root Certification Authority
>
>
> openssl req -newkey rsa:2048 -keyout $HOME/server_req/server_priv_key.pem
> -keyform PEM -out $HOME/server_req/server_req.pem -outform PEM
>
> But when I am trying to display the private key, I am getting this error
>
> # openssl rsa -in $HOME/server_req/server_priv_key.pem -pubout -text
> Enter pass phrase for //server_req/server_priv_key.pem:
> unable to load Private Key
> 221296:error:06080090:digital envelope routines:EVP_DigestInit_ex:disabled
> for fips:digest.c:292:
> 221296:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
> decrypt:evp_enc.c:337:
> 221296:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:428:
>
> My digest is sha1. Can you please help me?
>

The digest referred to is the default key derivation algorithm used to
encrypt private keys which uses MD5.

If the first command was run outside FIPS mode and the second inside FIPS
mode, that is the error. Keys generated outside FIPS mode should not be used
inside FIPS mode.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
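
Added example, not part of the original thread and not OpenSSL's own code: a header check that flags private key files protected with the MD5-based key derivation described in the reply above, so they can be found before they are moved to a FIPS-mode host. It assumes the key is in the traditional PEM layout with `Proc-Type` and `DEK-Info` headers; the sample PEM, passphrase and function names are constructed for illustration.

```python
import hashlib
import re

# Constructed sample: headers in the traditional encrypted PEM layout; the
# IV and body are made-up placeholders, not a real key.
LEGACY_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0102030405060708

Q09OU1RSVUNURUQgU0FNUExFIEJPRFk=
-----END RSA PRIVATE KEY-----
"""

def evp_bytes_to_key_md5(passphrase: bytes, salt: bytes, key_len: int) -> bytes:
    """Legacy derivation: D1 = MD5(pass||salt), Dn = MD5(Dn-1||pass||salt)."""
    out, block = b"", b""
    while len(out) < key_len:
        block = hashlib.md5(block + passphrase + salt).digest()
        out += block
    return out[:key_len]

def classify_pem_key(pem_text: str) -> dict:
    """Inspect PEM headers only; no decryption is attempted."""
    label = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----", pem_text)
    if label is None:
        raise ValueError("no PEM BEGIN line found")
    proc = re.search(r"^Proc-Type:\s*4,ENCRYPTED\s*$", pem_text, re.M)
    dek = re.search(r"^DEK-Info:\s*([A-Za-z0-9-]+),([0-9A-Fa-f]+)\s*$", pem_text, re.M)
    info = {"label": label.group(1), "legacy_md5_encryption": bool(proc and dek)}
    if info["legacy_md5_encryption"]:
        # The first 8 bytes of the IV double as the salt for the MD5 derivation.
        info["cipher"] = dek.group(1)
        info["salt"] = bytes.fromhex(dek.group(2))[:8]
    return info

if __name__ == "__main__":
    info = classify_pem_key(LEGACY_PEM)
    print(info)
    if info["legacy_md5_encryption"]:
        # This MD5 step is what a FIPS-mode build refuses to perform.
        key = evp_bytes_to_key_md5(b"constructed passphrase", info["salt"], 24)
        print("3DES key derived via MD5:", key.hex())
```

A file labelled `ENCRYPTED PRIVATE KEY` (PKCS#8) records its key derivation inside the ASN.1 body, which this header check does not parse, so a `False` result for such a file only means the traditional PEM encryption is not in use.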