On 21/11/14 14:43, Charles Mills wrote: > I posted the certificates. What's next? > > Charles
The key sizes look ok to me. As I said I'm no FIPS expert, but this page http://wiki.openssl.org/index.php/FIPS_mode_and_TLS says the following: "The RSA key in the certificate has to be of suitable size (2048 bits minimum) as do all other keys in the chain and none of the CAs can sign using SHA1." But your certificates say: Signature Algorithm: sha1WithRSAEncryption So I'm wondering if that is the problem? Failing that you may need to approach IBM since the alert is being generated from their code. Matt ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
