Hi folks,

I'm hitting some issues when trying to create SSL certificates and was wondering if anyone around could help with this. I can create a CSR and sign it with a newly created key:

$ openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
Generating a 2048 bit RSA private key
........................................+++
.....+++
writing new private key to 'privateKey.key'
-----
(enter CSR data)
...

But just after CSR creation, its verification fails:

$ openssl req -text -noout -verify -in CSR.csr
verify failure
139886616864656:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:103:
139886616864656:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:773:
139886616864656:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:249:
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=ES, L=Default City, O=Default Company Ltd
...

At this point, if I try to create a certificate from the CSR, it creates an empty certificate.

Private key check returns ok:

$ openssl rsa -in privateKey.key -check
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

The public key can be read from the CSR:

$ openssl req -in CSR.csr -noout -pubkey
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----

I am working on a RHEL machine, with this openssl version:

$ rpm -qa | grep openssl
openssl-libs-1.0.2k-12.el7.x86_64
openssl-1.0.2k-12.el7.x86_64

Don't know if it could be related to a missing library, and I have tried to find out the root cause of the issue on the internet and mailing lists but didn't get to it.

Any help would be very much appreciated.

Thanks!
Jon
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users