Re: [openssl-users] Help with making a SHA >1 certificate

Mon, 06 Nov 2017 16:03:07 -0800 

Charles, I am no expert either - sorry.

However, the question about why is your signed certificate at least not
getting to be over 1 year in "length?"   What is the duration of the CA's
certificate?

--------------------------
Warron French


On Mon, Nov 6, 2017 at 5:04 PM, Charles Mills <charl...@mcn.org> wrote:

> Please forgive my ignorance here. I’m really not a certificate expert. I’m
> a software developer trying to make certificates to use in a testing
> situation.
>
>
>
> I’ve got some scripts that I have been using for years. I’ve just upgraded
> to 1.10f (but there are no upgrade issues that I know of – that’s not the
> problem).
>
>
>
> My last test certificate expired. So I am trying to make another one. All
> I seem to be able to make are SHA-1 signed certificates, but I’m trying to
> load them into a FIPS-140 (non-OpenSSL) key repository and it is failing, I
> think because of the SHA-1. Here is how I am making the certificate. What
> do I have to do differently to make a SHA-512 (or at least some SHA > 1)
> certificate?
>
>
>
> C:\OpenSSL-Win32-110f\bin\openssl.exe req -newkey rsa:2048 -sha512
> -keyout %1.key.pem -out %1.req.pem -config openssl_edited_win32_default.cfg
> -extensions usr_cert -reqexts usr_cert -nodes -days 3650
>
> C:\OpenSSL-Win32-110f\bin\openssl req -text -in %1.req.pem -sha512
>
> C:\OpenSSL-Win32-110f\bin\openssl.exe ca -in %1.req.pem -config
> CMC_root_config.cnf -out %1.pem -verbose -cert CMC_root.pem -keyfile
> CMC_root.key.pem -passin pass:password
>
>
>
> Here is what I end up with:
>
>
>
>     Signature Algorithm: sha1WithRSAEncryption
>
>         Issuer: CN=Charles Mills Consulting, LLC, ST=California,
> C=US/emailAddress=charl...@mcn.org, O=Charles Mills Consulting, LLC
>
>         Validity
>
>             Not Before: Nov  6 19:13:09 2017 GMT
>
>             Not After : Nov  6 19:13:09 2018 GMT
>
>         Subject: CN=Charles Mills Consulting, LLC, ST=California,
> C=US/emailAddress=charl...@mcn.org, O=CZAGENT_Nov2017
>
>         Subject Public Key Info:
>
>             Public Key Algorithm: rsaEncryption
>
>                 Public-Key: (2048 bit)
>
>
>
> While we’re at it, why doesn’t my –days 3650 seem to have any effect?
>
>
>
> Thanks!
>
>
>
> *Charles *
>
>
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
>

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to