On Sun, Jul 20, 2003, Leonard R Smith II wrote: > > To all, > I have a cert that is signed by verisign. Its works find with > openssl-0.9.6e that I compiled. The openssl verify command works and tells > me that that cert is okay and most of the ssl clients I used recognize it. > > However I am having trouble with Sun Microsystems openssl > distribution. It failes with a "certificate signature failure" and Sun's > openssl verify command returns > > /opt/SUNWconn/crypto/bin/openssl verify file.crt > file.crt: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority > error 7 at 1 depth lookup:certificate signature failure > 5904:error:0D07908D:asn1 encoding routines:ASN1_verify:unknown message > digest algorithm:a_verify.c:86: > > I've checked the list, searched the web and read the docs and I > have not been able to resolve the problem so far. I saw that Colin posted > to the list a similar problem back in April but I did not see a response. > Can anyone point me towards some other things to try or check, or better > yet has anyone seen this and gotten it to work. >
You don't mention which version of OpenSSL that is. Check this with: openssl version if it says 0.9.7 then try: openssl list-message-digest-commands otherwise you'll have to look in openssl -h for the list of message digests. There should be md2 in there. If not then they've compiled OpenSSL without that digest and that's the problem: md2 is considered obsolete but its still used in some Verisign certificates. Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
