The following certs were generated using a popular commercial CA. The cert-sign cert verifies okay; the cert-sign cert does NOT verify the crl-sign cert -- OpenSSL verify command claims the padding is wrong. Any clues? Any die-hard DER bit-twiddlers have any advice? Thanks, much, in advance. /r$ -------- $ openssl verify -verbose -CAfile ca_certificateSign.pem ca_certificateSign.pem ca_certificateSign.pem: OK $ openssl verify -verbose -CAfile ca_certificateSign.pem ca_crlSign.pem 323:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1: block type is not 01:.\crypto\rsa\rsa_pk1.c:119: 323:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT: padding check failed:.\crypto\rsa\rsa_eay.c:419: 323:error:0D079006:asn1 encoding routines:ASN1_VERIFY: bad get asn1 object call:.\crypto\asn1\a_verify.c:110: ca_crlSign.pem: /C=us/O=Certco/OU=interop testing/CN=Baltimore CA error 7 at 0 depth lookup:certificate signature failure
dn: cn=Baltimore CA,ou=interop testing,o=Certco,c=us -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIEN8FiVTANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQG EwJ1czEPMA0GA1UEChMGQ2VydGNvMRgwFgYDVQQLEw9pbnRlcm9wIHRlc3Rp bmcxFTATBgNVBAMTDEJhbHRpbW9yZSBDQTAeFw05OTA4MjMxNTAyMThaFw0w OTA4MjAxMDAyMTZaME8xCzAJBgNVBAYTAnVzMQ8wDQYDVQQKEwZDZXJ0Y28x GDAWBgNVBAsTD2ludGVyb3AgdGVzdGluZzEVMBMGA1UEAxMMQmFsdGltb3Jl IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAst3PWKWhFLeg gxuLTtGv4GXUUNngm5lkFfIUJh1ZdUplq4NBjF85B++rwvtqrY9E4zM+g4lK 4JyAZQaWuOJRveLpLx38MPDris3EPFpg8kcSsJvx3bb2cKbhgA/M2n/JbNi6 lNMg+6UWHSyQOVyJDL75ZJYN7rghkIH/HLX6snRiIWEFLQi2Pcdn0hveAeLc QM+ZUZtEBbZkF+4gyMw7bKgEcMI0t/WtNN6SAslwLes/yV2Y4wse3lWmLcHM KakvNaCyDQlGpni+x7KptR3FHCRNCIgroGpqs3yEWuCdnLhENTRzPeOzPFw6 pATSkowD9Poi2SGNt0Vm2IWsnCq9YwIDAQABoyMwITAPBgNVHRMBAf8EBTAD AQH/MA4GA1UdDwEB/wQEAwIBAjANBgkqhkiG9w0BAQUFAAOCAQEAqprs9+ix 4fHq9MuUBa9+Y8OzFuDQn+GthiMJO+AkbIFdmaPgDx4PSwnIVjrbq0CObkR5 nuRohTL85Ltn3TBTW07Kfk9w7OT3CyS02j7x/0zli99z1BFEnVeQ0HFQ3kBz C5+0sq2Ahc8Xc+hy+tFLYQBFxdG8ylIFT/lAi/IpogqRqv+lLDge0D/lYcoa a1ju9FuvU/XUmZsAVQXp8kHeYKiHhtK8pldUa7qG7DKNocY7DH2gcjQxIXwr beX74OW0eMX9ZBlEPCFrS7tg7rRncUeHYBrjIsgilWG+TtyADqKonXd+P3qf l0qYEqObJGOI/fS0BH9cZCMio0fGxnLFkw== -----END CERTIFICATE-----
dn: cn=Baltimore CA,ou=interop testing,o=Certco,c=us -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIEN8FiWjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQG EwJ1czEPMA0GA1UEChMGQ2VydGNvMRgwFgYDVQQLEw9pbnRlcm9wIHRlc3Rp bmcxFTATBgNVBAMTDEJhbHRpbW9yZSBDQTAeFw05OTA4MjMxNTAyMTdaFw0w OTA4MjAxMDAyMTdaME8xCzAJBgNVBAYTAnVzMQ8wDQYDVQQKEwZDZXJ0Y28x GDAWBgNVBAsTD2ludGVyb3AgdGVzdGluZzEVMBMGA1UEAxMMQmFsdGltb3Jl IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/x9K9r1uvhm iPI7+pY0XC9kjUcNy3m3XmVdD628wkhosheHLGOCdg5pZJ0ttG5PRW5AFptk fE5joZeXfmNxw0sOI4jLgrNpNjxwrXfhkCuRVNB6VlSH1ktIhwsZbTBu3aRF QuKzteuAiMuZWMAqyZ4MmBXS1000XcD1bs5jmZNldJhQ5+xOmO6wxriaus1n b3UoygkBM8Ipy8m06481HU6Qd6+x7W7HK2wb36UTU6G0bHEnQFCGqXVUwY1D 2gXdT5qG3SStcq9T9Z5jnx8HojVHYewQz33SkPKiKofR67mjXZQfiuUY82df /DaTPNmpdl8cqI0CotCT71/JjncYWQIDAQABoyMwITAPBgNVHRMBAf8EBTAD AQH/MA4GA1UdDwEB/wQEAwICBDANBgkqhkiG9w0BAQUFAAOCAQEAUl7pbMJn DIWMhAFsLbGfQjtik/0LCylTulcaUTdai2Ux2HlYo+6Iq5bWtWcE8Sd3tBhn KnduqmBpJSXFGwa5iEp40KDDxA35jqJytR2zK0zjjbnAvLfop60jTfMb+umt c8W3Y0tkok4PXJspOZS4FUZuTheBFZQi8Urjwoj71SpavliOv1nd3j5i2X+J uGT+i4guz2h1TdVn35jw+TwCKcKnDE8PLCwwa79794L72lsJkBZWWj1b8QHf QtRMebNn3xYLzpTYrXL/Ik86qr0YmzE4Zq0reH5wsmKxhcrBI0ujvfyEvEVc INEmZpXpeKIURPwAMoKw6RmGUY7z+0bcjg== -----END CERTIFICATE-----