I have a Windows CA that has created a sha256RSA CA cert and server cert. However OpenSSL fails to validate them.
C:\MetaAndDirectory\certs>openssl verify -verbose -CAfile win2k8r2-ca.cer win2k8r2-server.cer win2k8r2-server.cer: /DC=net/DC=cp/DC=macc/CN=macc-JOHN-WIN2K8R2-1-CA error 7 at 1 depth lookup:certificate signature failure 7892:error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm:.\crypto\asn1\a_verify.c:141: C:\MetaAndDirectory\certs>openssl ciphers DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DS S-DE S-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:A ES12 8-SHA:IDEA-CBC-SHA:IDEA-CBC-MD5:RC2-CBC-MD5:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5: RC4- MD5:RC4-64-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-C BC-M D5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-D HE-D SS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-D SS-D ES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-R C4-M D5 CA Cert -----BEGIN CERTIFICATE----- MIIDnTCCAoWgAwIBAgIQY7th3A/CH45AnLJxYXLjMjANBgkqhkiG9w0BAQsFADBh MRMwEQYKCZImiZPyLGQBGRYDbmV0MRIwEAYKCZImiZPyLGQBGRYCY3AxFDASBgoJ kiaJk/IsZAEZFgRtYWNjMSAwHgYDVQQDExdtYWNjLUpPSE4tV0lOMks4UjItMS1D QTAeFw0xMzAyMTQwOTM1MjdaFw0xODAyMTQwOTQ1MjVaMGExEzARBgoJkiaJk/Is ZAEZFgNuZXQxEjAQBgoJkiaJk/IsZAEZFgJjcDEUMBIGCgmSJomT8ixkARkWBG1h Y2MxIDAeBgNVBAMTF21hY2MtSk9ITi1XSU4ySzhSMi0xLUNBMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA39cWuBsjjRAnucem7SgcfthbSrSk2+kOPQkT wqHBZWRMeQyKrlsDiQJJ/qJ2RZED/3z1KGQsJPswnUw04CcZjNnI95JzgO02fmHV QLYaTltRe76ChKPftzQjnEPIUlRjanhAD1ZwI/8jcFNEEpEiG498UVbTpC29Ikba k285ucTrIddPG+AEWngyZUatIfZh1fREnLx3SSeL6T3ZPqFCtBAaXFp26/fHGZO/ eNlq4pAS3AyWR1bOVG1pnVaeMml3FI6geEGa2ERSoY2jMM7vKY6vciZ90zXgCQKo lDDpjDZo2oVXFky1FoTg/QppWSZvajG3blUpaMIi8MlJd8Dl/wIDAQABo1EwTzAL BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU3YzslermWxwd kTs3+VWZ9+w8qOAwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQELBQADggEB AMm5MwdK4PWIJFX4YuMBsAW6yOOVguDdcl2YqyakgRxadyjJpY4xJXCM9cryZQNe z+BkYV0lt9qEQLzm+4GWxErNTRZItx8v0opo2bVERE7PIqYpb0KKsdInkeZOWpcP +aan4RCm7e2DrDlogn2M9k2rb4+ruN8YVvTOnbB3SKUe8xbGhMjCSMyQkiP5q17m VLtDP3hdpuixcVk2eiR+YcDQ6RHhP583cGyb8P2/vDQqUZtLLy0tOTrYOBFXpR/l WxlqudZ7Nt96L/+WeBxzlCZPJ6y1jYEljSolcgwucCA5FrnlFLNUfIm8jhvEm7xW lBWif8W5IlY1CscW6AV87U4= -----END CERTIFICATE----- Server Cert -----BEGIN CERTIFICATE----- MIIGJjCCBQ6gAwIBAgIKe1JMvAAAAAAAAjANBgkqhkiG9w0BAQsFADBhMRMwEQYK CZImiZPyLGQBGRYDbmV0MRIwEAYKCZImiZPyLGQBGRYCY3AxFDASBgoJkiaJk/Is ZAEZFgRtYWNjMSAwHgYDVQQDExdtYWNjLUpPSE4tV0lOMks4UjItMS1DQTAeFw0x MzAyMTQxMDMwMzlaFw0xNDAyMTQxMDMwMzlaMCYxJDAiBgNVBAMTG2pvaG4td2lu Mks4UjItMS5tYWNjLmNwLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAKhalYGenFlgdWwIkmN5fmOZ57SsAEF2jpAnD9GPjTWZk57m2uQiffNJ4JVB cjqnrSJThYO7/BIJZjz6uW+wEyiLz8XlU54wXFg6ihdZLQbkUDnl+BmPaJNftrOc 9JHryHnR9+PDLms+kVP05rWe9LRZSB0twZ98Yqyi54XGlWbgFfAoaq53qNHirtEn P6YWwceJ/wJBcfVs3FTYg3RgMW2lrQRN8QdIuRoEzgBXj7gfOPbLLzG6tpR8godx yHusE1prcgpKg5YI2GI2w7TdHV3ruzXfto9BtR9camEzKDby+3HWbUiFICJOp3Kk WOzfrEj4JvRqQZkJKh3FDkfDZQsCAwEAAaOCAxkwggMVMC8GCSsGAQQBgjcUAgQi HiAARABvAG0AYQBpAG4AQwBvAG4AdAByAG8AbABsAGUAcjAdBgNVHSUEFjAUBggr BgEFBQcDAgYIKwYBBQUHAwEwDgYDVR0PAQH/BAQDAgWgMHgGCSqGSIb3DQEJDwRr MGkwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDALBglghkgBZQMEASow CwYJYIZIAWUDBAEtMAsGCWCGSAFlAwQBAjALBglghkgBZQMEAQUwBwYFKw4DAgcw CgYIKoZIhvcNAwcwHQYDVR0OBBYEFN1LR7fzS5v29s25kngs6h+9ag+vMB8GA1Ud IwQYMBaAFN2M7JXq5lscHZE7N/lVmffsPKjgMIHgBgNVHR8EgdgwgdUwgdKggc+g gcyGgclsZGFwOi8vL0NOPW1hY2MtSk9ITi1XSU4ySzhSMi0xLUNBLENOPWpvaG4t d2luMks4UjItMSxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049 U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1tYWNjLERDPWNwLERDPW5ldD9j ZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlz dHJpYnV0aW9uUG9pbnQwgcwGCCsGAQUFBwEBBIG/MIG8MIG5BggrBgEFBQcwAoaB rGxkYXA6Ly8vQ049bWFjYy1KT0hOLVdJTjJLOFIyLTEtQ0EsQ049QUlBLENOPVB1 YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRp b24sREM9bWFjYyxEQz1jcCxEQz1uZXQ/Y0FDZXJ0aWZpY2F0ZT9iYXNlP29iamVj dENsYXNzPWNlcnRpZmljYXRpb25BdXRob3JpdHkwRwYDVR0RBEAwPqAfBgkrBgEE AYI3GQGgEgQQtDBN2r1TqUiH/vYxHa/TmoIbam9obi13aW4ySzhSMi0xLm1hY2Mu Y3AubmV0MA0GCSqGSIb3DQEBCwUAA4IBAQBbx8h9mpdcWZabC6irh91eZzu8Yhba 4eRE/YuqWe/rad738/ffYLBdEfPjMEL/xoW2rncCvXEv7JNnU41UI23cAwvB6gAI VLkMllREdbneSG9II/G1ZcULof604sygAO1kfr9Gi9vHTNnIhjlw4O9+wrdFsC/S M9YeeLgGhe1BO9FMKvwe20o0Gu9Xn1TPThXrTlTFEK/dqpn8HPgQTpoAeN3RoyK/ fzeLpvvg2QaMr3FtvCWR/aAm49r37euENhLe2seeZ49ws0bHaMcXu5PAmyiJ8u1M G2c5BtFdSere8y/DzQ68yKLxHWJf+jjb0DcE+86cWY6D8oMkngrTp+Cu -----END CERTIFICATE----- Help and advice would be appreciated. John. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
