The following certs were generated using a popular commercial CA.
The cert-sign cert verifies okay; the cert-sign cert does NOT verify
the crl-sign cert -- OpenSSL verify command claims the padding is wrong.
Any clues? Any die-hard DER bit-twiddlers have any advice?
Thanks, much, in advance.
/r$
--------
$ openssl verify -verbose -CAfile ca_certificateSign.pem
ca_certificateSign.pem
ca_certificateSign.pem: OK
$ openssl verify -verbose -CAfile ca_certificateSign.pem ca_crlSign.pem
323:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:
block type is not 01:.\crypto\rsa\rsa_pk1.c:119:
323:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:
padding check failed:.\crypto\rsa\rsa_eay.c:419:
323:error:0D079006:asn1 encoding routines:ASN1_VERIFY:
bad get asn1 object call:.\crypto\asn1\a_verify.c:110:
ca_crlSign.pem: /C=us/O=Certco/OU=interop testing/CN=Baltimore CA
error 7 at 0 depth lookup:certificate signature failure
dn: cn=Baltimore CA,ou=interop testing,o=Certco,c=us
-----BEGIN CERTIFICATE-----
MIIDPzCCAiegAwIBAgIEN8FiVTANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQG
EwJ1czEPMA0GA1UEChMGQ2VydGNvMRgwFgYDVQQLEw9pbnRlcm9wIHRlc3Rp
bmcxFTATBgNVBAMTDEJhbHRpbW9yZSBDQTAeFw05OTA4MjMxNTAyMThaFw0w
OTA4MjAxMDAyMTZaME8xCzAJBgNVBAYTAnVzMQ8wDQYDVQQKEwZDZXJ0Y28x
GDAWBgNVBAsTD2ludGVyb3AgdGVzdGluZzEVMBMGA1UEAxMMQmFsdGltb3Jl
IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAst3PWKWhFLeg
gxuLTtGv4GXUUNngm5lkFfIUJh1ZdUplq4NBjF85B++rwvtqrY9E4zM+g4lK
4JyAZQaWuOJRveLpLx38MPDris3EPFpg8kcSsJvx3bb2cKbhgA/M2n/JbNi6
lNMg+6UWHSyQOVyJDL75ZJYN7rghkIH/HLX6snRiIWEFLQi2Pcdn0hveAeLc
QM+ZUZtEBbZkF+4gyMw7bKgEcMI0t/WtNN6SAslwLes/yV2Y4wse3lWmLcHM
KakvNaCyDQlGpni+x7KptR3FHCRNCIgroGpqs3yEWuCdnLhENTRzPeOzPFw6
pATSkowD9Poi2SGNt0Vm2IWsnCq9YwIDAQABoyMwITAPBgNVHRMBAf8EBTAD
AQH/MA4GA1UdDwEB/wQEAwIBAjANBgkqhkiG9w0BAQUFAAOCAQEAqprs9+ix
4fHq9MuUBa9+Y8OzFuDQn+GthiMJO+AkbIFdmaPgDx4PSwnIVjrbq0CObkR5
nuRohTL85Ltn3TBTW07Kfk9w7OT3CyS02j7x/0zli99z1BFEnVeQ0HFQ3kBz
C5+0sq2Ahc8Xc+hy+tFLYQBFxdG8ylIFT/lAi/IpogqRqv+lLDge0D/lYcoa
a1ju9FuvU/XUmZsAVQXp8kHeYKiHhtK8pldUa7qG7DKNocY7DH2gcjQxIXwr
beX74OW0eMX9ZBlEPCFrS7tg7rRncUeHYBrjIsgilWG+TtyADqKonXd+P3qf
l0qYEqObJGOI/fS0BH9cZCMio0fGxnLFkw==
-----END CERTIFICATE-----
dn: cn=Baltimore CA,ou=interop testing,o=Certco,c=us
-----BEGIN CERTIFICATE-----
MIIDPzCCAiegAwIBAgIEN8FiWjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQG
EwJ1czEPMA0GA1UEChMGQ2VydGNvMRgwFgYDVQQLEw9pbnRlcm9wIHRlc3Rp
bmcxFTATBgNVBAMTDEJhbHRpbW9yZSBDQTAeFw05OTA4MjMxNTAyMTdaFw0w
OTA4MjAxMDAyMTdaME8xCzAJBgNVBAYTAnVzMQ8wDQYDVQQKEwZDZXJ0Y28x
GDAWBgNVBAsTD2ludGVyb3AgdGVzdGluZzEVMBMGA1UEAxMMQmFsdGltb3Jl
IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/x9K9r1uvhm
iPI7+pY0XC9kjUcNy3m3XmVdD628wkhosheHLGOCdg5pZJ0ttG5PRW5AFptk
fE5joZeXfmNxw0sOI4jLgrNpNjxwrXfhkCuRVNB6VlSH1ktIhwsZbTBu3aRF
QuKzteuAiMuZWMAqyZ4MmBXS1000XcD1bs5jmZNldJhQ5+xOmO6wxriaus1n
b3UoygkBM8Ipy8m06481HU6Qd6+x7W7HK2wb36UTU6G0bHEnQFCGqXVUwY1D
2gXdT5qG3SStcq9T9Z5jnx8HojVHYewQz33SkPKiKofR67mjXZQfiuUY82df
/DaTPNmpdl8cqI0CotCT71/JjncYWQIDAQABoyMwITAPBgNVHRMBAf8EBTAD
AQH/MA4GA1UdDwEB/wQEAwICBDANBgkqhkiG9w0BAQUFAAOCAQEAUl7pbMJn
DIWMhAFsLbGfQjtik/0LCylTulcaUTdai2Ux2HlYo+6Iq5bWtWcE8Sd3tBhn
KnduqmBpJSXFGwa5iEp40KDDxA35jqJytR2zK0zjjbnAvLfop60jTfMb+umt
c8W3Y0tkok4PXJspOZS4FUZuTheBFZQi8Urjwoj71SpavliOv1nd3j5i2X+J
uGT+i4guz2h1TdVn35jw+TwCKcKnDE8PLCwwa79794L72lsJkBZWWj1b8QHf
QtRMebNn3xYLzpTYrXL/Ik86qr0YmzE4Zq0reH5wsmKxhcrBI0ujvfyEvEVc
INEmZpXpeKIURPwAMoKw6RmGUY7z+0bcjg==
-----END CERTIFICATE-----
