Hey all,
Thanks a lot for your comments, they helped me to realize that I was
configuring/doing something wrong.
I was hitting the CSR creation issues on a virtual machine, and the source
of the wrong signature seems to be related to the virtualization type I was
using.
When using qemu the issue
Yeah, it looks like the signature is just wrong. Even setting aside the
question of padding, I used rsautl -verify -raw on the signature using the
CSR's public key, and I would expect to see a pair of sequence tags (0x30) with
sensible lengths somewhere inside, and I don't.
hulk:/tmp $ openssl
On Mon, Mar 26, 2018 at 6:15 PM, Felipe Gasper
wrote:
> I see the same errors with 1.0.2n.
>
> Going by posts I see out-and-about about this error, there seem to be two
> possibilities:
>
> 1) There’s an RSA padding scheme mismatch. Maybe your openssl.cnf has
> something nonstandard, e.g., raw pa
OK, I see the verify error with the CSR you sent, so it's an issue with
creating the CSR, not with verifying it.
Beyond that I don't see the issue, but I'd have to debug it (or decrypt the
signature manually) to see what exactly the problem is. OpenSSL is complaining
that it expects the signatu
I see the same errors with 1.0.2n.
Going by posts I see out-and-about about this error, there seem to be two
possibilities:
1) There’s an RSA padding scheme mismatch. Maybe your openssl.cnf has something
nonstandard, e.g., raw padding rather than PKCS1?
2) The signature is simply incorrect. It
Sure, here it is:
$ cat CSR.csr
-BEGIN CERTIFICATE REQUEST-
MIIChzCCAW8CAQAwQjELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0
eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAOJuhJcO1eqtGE8Yc7P4cSgSwlwyuAe8AYzseGCqwAEY
XHVdAXaPspJcRyP2ndz2AmYfytPPogFEWPn
But what is the actual PEM of the CSR?
It should look like:
-BEGIN CERTIFICATE REQUEST-
...
-END CERTIFICATE REQUEST-
-FG
> On Mar 26, 2018, at 11:47 AM, Jon Uriarte wrote:
>
> Thanks for your replies.
>
> I'm creating the CSR with the default values.
>
> $ openssl req -noou
Thanks for your replies.
I'm creating the CSR with the default values.
$ openssl req -noout -text -in CSR.csr
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=XX, L=Default City, O=Default Company Ltd
Subject Public Key Info:
Public Key Algorithm: rsa
I just tried the same commands on my system, using 1.0.2n, and didn't have any
problems (as I'd expect).
What's the output of openssl asn1parse -dump -in CSR.csr?
--
Michael Wojcik
Distinguished Engineer, Micro Focus
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mai
Can you paste one of the CSRs that fails verification?
-Felipe
> On Mar 26, 2018, at 11:19 AM, Jon Uriarte wrote:
>
> Hi folks,
>
> I'm hitting some issues when trying to create SSL certificates and was
> wondering if any around could help with this.
> I can create a CSR and sign it with a ne
Hi folks,
I'm hitting some issues when trying to create SSL certificates and was
wondering if any around could help with this.
I can create a CSR and sign it with a newly created key:
$ openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout
privateKey.key
Generating a 2048 bit RSA priv
11 matches
Mail list logo
