Warron French
Please forgive my ignorance here. I’m really not a certificate expert. I’m a software developer trying to make certificates to use in a testing situation.
I’ve got some scripts that I have been using for years. I’ve just upgraded to 1.10f (but there are no upgrade issues that I know of – that’s not the problem).
My last test certificate expired. So I am trying to make another one. All I seem to be able to make are SHA-1 signed certificates, but I’m trying to load them into a FIPS-140 (non-OpenSSL) key repository and it is failing, I think because of the SHA-1. Here is how I am making the certificate. What do I have to do differently to make a SHA-512 (or at least some SHA > 1) certificate?
C:\OpenSSL-Win32-110f\bin\
openssl.exe req -newkey rsa:2048 -sha512 -keyout %1.key.pem -out %1.req.pem -config openssl_edited_win32_default. cfg -extensions usr_cert -reqexts usr_cert -nodes -days 3650 C:\OpenSSL-Win32-110f\bin\
openssl req -text -in %1.req.pem -sha512 C:\OpenSSL-Win32-110f\bin\
openssl.exe ca -in %1.req.pem -config CMC_root_config.cnf -out %1.pem -verbose -cert CMC_root.pem -keyfile CMC_root.key.pem -passin pass:password
Here is what I end up with:
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=Charles Mills Consulting, LLC, ST=California, C=US/emailAddress=charlesm@
mcn.org , O=Charles Mills Consulting, LLCValidity
Not Before: Nov 6 19:13:09 2017 GMT
Not After : Nov 6 19:13:09 2018 GMT
Subject: CN=Charles Mills Consulting, LLC, ST=California, C=US/emailAddress=charlesm@
mcn.org , O=CZAGENT_Nov2017Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
While we’re at it, why doesn’t my –days 3650 seem to have any effect?
Thanks!
Charles
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
