Obviously the real source of my problem was from OpenCA or OpenSSL not finding
the default_md setting.
>Nevertheless I changed the default_md of the CA from md5 to sha1.
Where abouts would it read this default_md setting from?
I remove my 'hack-around'and create a CA cert.
Now, using grep to hunt down the source of the problem, aside from an item in
the contrib folder, everywhere else has default_md set at sha1, some md5 lines
commented out and replaced with sha1.
>From OpenCA Cert generation:
...
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: md5WithRSAEncryption
60:58:78:02:91:bb:dd:90:45:2c:61:48:4b:24:8a:14:90:c9:
c5:1f:2d:42:21:38:da:ed:23:58:22:36:db:43:77:c1:18:47:
...
Now grep to check default_md settings.
[root@myhostname openca-0.9.1]# grep -r -n "default_md" *
contrib/openssl/openssl.cnf:60:default_md = md5 # which
md to use.
src/common/etc/openssl/ra-openssl.cnf.in:64:default_md = sha1
# which md to use.
src/common/etc/openssl/sample-openssl.conf.in:61:default_md = sha1
# which md to use.
src/common/etc/openssl/ca-openssl.cnf.in:64:#default_md = md5
# which md to use.
src/common/etc/openssl/ca-openssl.cnf.in:65:default_md = sha1
src/common/etc/openssl/openssl/RA_Operator.conf.in:61:default_md = sha1
# which md to use.
src/common/etc/openssl/openssl/Web_Server.conf.in:61:default_md = sha1
# which md to use.
src/common/etc/openssl/openssl/Cross_CA.conf.in:61:default_md = sha1
# which md to use.
src/common/etc/openssl/openssl/CA_Operator.conf.in:61:default_md = sha1
# which md to use.
src/common/etc/openssl/openssl/VPN_Server.conf.in:61:default_md = sha1
# which md to use.
src/common/etc/openssl/openssl/User.conf.in:61:default_md = sha1
# which md to use.
src/common/etc/openssl/openssl/Mail_Server.conf.in:61:default_md = sha1
# which md to use.
src/common/etc/openssl/openssl/Sub-CA.conf.in:61:default_md = sha1
# which md to use.
src/common/etc/openssl/openssl/CA_Operator.conf:61:default_md = sha1
# which md to use.
src/common/etc/openssl/openssl/Cross_CA.conf:61:default_md = sha1
# which md to use.
src/common/etc/openssl/openssl/Mail_Server.conf:61:default_md = sha1
# which md to use.
src/common/etc/openssl/openssl/RA_Operator.conf:61:default_md = sha1
# which md to use.
src/common/etc/openssl/openssl/Sub-CA.conf:61:default_md = sha1
# which md to use.
src/common/etc/openssl/openssl/User.conf:61:default_md = sha1
# which md to use.
src/common/etc/openssl/openssl/VPN_Server.conf:61:default_md = sha1
# which md to use.
src/common/etc/openssl/openssl/Web_Server.conf:61:default_md = sha1
# which md to use.
src/common/etc/openssl/ra-openssl.cnf:64:default_md = sha1
# which md to use.
src/common/etc/openssl/sample-openssl.conf:61:default_md = sha1
# which md to use.
src/common/etc/openssl/ca-openssl.cnf:64:#default_md = md5
# which md to use.
src/common/etc/openssl/ca-openssl.cnf:65:default_md = sha1
[root@myhostname openca-0.9.1]#
Regards,
Craig
-------------------------------------------------------
This sf.net email is sponsored by: viaVerio will pay you up to
$1,000 for every account that you consolidate with us.
http://ad.doubleclick.net/clk;4749864;7604308;v?
http://www.viaverio.com/consolidator/osdn.cfm
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
