On 27-02-2013 23:54, John Unsworth wrote:
I have a Windows CA that has created a sha256RSA CA cert and server cert.
However OpenSSL fails to validate them.
C:\MetaAndDirectory\certs>openssl verify -verbose -CAfile win2k8r2-ca.cer
win2k8r2-server.cer
win2k8r2-server.cer: /DC=net/DC=cp/DC=macc/CN=macc-JOHN-WIN2K8R2-1-CA
error 7 at 1 depth lookup:certificate signature failure
7892:error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message
digest algorithm:.\crypto\asn1\a_verify.c:141:
C:\MetaAndDirectory\certs>openssl ciphers
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DS
S-DE
S-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:A
ES12
8-SHA:IDEA-CBC-SHA:IDEA-CBC-MD5:RC2-CBC-MD5:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:
RC4-
MD5:RC4-64-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-C
BC-M
D5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-D
HE-D
SS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-D
SS-D
ES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-R
C4-M
D5
Try the command
openssl version
I suspect you may not be running the OpenSSL version you think!
(Note that the "openssl ciphers" command lists SSL/TLS protocol cipher
suites, not the individual
ciphers in other parts of OpenSSL, however the output above looks like
it is from an older
version).
--
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10
<call:+4531131610>
This message is only for its intended recipient, delete if misaddressed.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
