Hi All,

We are required to upgrade the sizes of private/public key pairs from 1024 bits to 3072 bits. We have two main data structures, X509Stack and PKCS7. We fill these two structures at initialization by reading the PEM files on disk.

During the upgrade process, I pick the X509Stack, pick the certificate, and generate the new keys with a size of 3072 bits. Also, I am successfully able to set the public key for this cert using the API X509_set_pubkey. Using the new public key in the cert and the new private key, we prepare a certificate request that is to be sent to the CA server. Along with the new certificate request, we also send the cert chain (PKCS value) to the provisioning server for verification. The PKCS value is not really touched here.

On the provisioning end, when we call "X509_verify_cert" it always fails with the error "Certificate Verification error : 7". This stands for X509_V_ERR_CERT_SIGNATURE_FAILURE.

Is there anything I am doing wrong in this flow? Or can anybody comment on the approach I am using for the key size upgrade? Please let me know.

Thanks,
Josh