On Wednesday 13 February 2008 09:58:08 Nabil Ghadiali wrote: > I saved the base64 encoded text in a file with an extension ".cer" and then > double-clicked it. Microsoft recognizes it is a certificate and opens it up > in a certificate viewer. > > Over here it says "The integrity of the certificate cannot be guaranteed. > The certificate may be corrupted or may have been altered" > Unless you are using Vista, Microsoft CAPI doesn't support ECC.
Have fun. Patrick. > Thanks, > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni > Sent: Wednesday, February 13, 2008 8:00 AM > To: openssl-users@openssl.org > Subject: Re: ECC Self-Signed Certificate > > On Wed, Feb 13, 2008 at 12:40:18AM -0500, Nabil Ghadiali wrote: > > Can someone help me with the command to generate a self-signed > > certificate using openssl? > > > > > > > > I have used the following steps and when I get a certificate and open up > > it > > > says "the signature is invalid". Am I missing something? > > What does "open it up" mean? The self-signed EC cert you posted looks > fine. > > $ openssl verify -CAfile foo.pem -purpose crlsign foo.pem > foo.pem: OK > > $ openssl x509 -text -in foo.pem > Certificate: > Data: > Version: 3 (0x2) > Serial Number: > d2:4e:d0:af:62:63:da:1b > Signature Algorithm: ecdsa-with-SHA1 > Issuer: C=US, ST=Some-State, O=Internet Widgits Pty Ltd > Validity > Not Before: Feb 13 05:37:39 2008 GMT > Not After : Feb 12 05:37:39 2009 GMT > Subject: C=US, ST=Some-State, O=Internet Widgits Pty Ltd > Subject Public Key Info: > Public Key Algorithm: id-ecPublicKey > Public-Key: (256 bit) > pub: > 04:f3:26:32:97:d1:db:f9:e6:18:40:53:95:f7:67: > f7:ab:52:25:96:aa:58:d2:8e:dc:6d:d3:a5:e5:5d: > 11:95:e7:73:f9:b3:24:df:5e:4f:b1:5e:55:49:66: > 3e:a4:39:3c:c5:a4:74:f0:a3:62:35:94:23:aa:e5: > db:83:67:07:35 > ASN1 OID: prime256v1 > X509v3 extensions: > X509v3 Subject Key Identifier: > E6:9B:18:14:7F:52:88:EB:C5:86:BE:B3:68:9E:BE:39:F3:A6:2B:E2 > X509v3 Authority Key Identifier: > > keyid:E6:9B:18:14:7F:52:88:EB:C5:86:BE:B3:68:9E:BE:39:F3:A6:2B:E2 > DirName:/C=US/ST=Some-State/O=Internet Widgits Pty Ltd > serial:D2:4E:D0:AF:62:63:DA:1B > > X509v3 Basic Constraints: > CA:TRUE > Signature Algorithm: ecdsa-with-SHA1 > 30:45:02:21:00:a7:58:a0:52:62:be:42:dd:53:83:6d:4c:c4: > 4f:dd:96:24:56:f5:f8:6b:76:ec:3f:cf:fa:0b:41:8c:6c:4b: > 85:02:20:24:00:ae:a7:fb:1b:37:cf:77:f6:3e:2e:47:22:ed: > ba:21:0b:79:32:31:3a:07:2b:2f:32:0e:81:4f:8c:eb:b0 > -----BEGIN CERTIFICATE----- > MIICJzCCAc6gAwIBAgIJANJO0K9iY9obMAkGByqGSM49BAEwRTELMAkGA1UEBhMC > VVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdp > dHMgUHR5IEx0ZDAeFw0wODAyMTMwNTM3MzlaFw0wOTAyMTIwNTM3MzlaMEUxCzAJ > BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5l > dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATzJjKX > 0dv55hhAU5X3Z/erUiWWqljSjtxt06XlXRGV53P5syTfXk+xXlVJZj6kOTzFpHTw > o2I1lCOq5duDZwc1o4GnMIGkMB0GA1UdDgQWBBTmmxgUf1KI68WGvrNonr4586Yr > 4jB1BgNVHSMEbjBsgBTmmxgUf1KI68WGvrNonr4586Yr4qFJpEcwRTELMAkGA1UE > BhMCVVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdp > ZGdpdHMgUHR5IEx0ZIIJANJO0K9iY9obMAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0E > AQNIADBFAiEAp1igUmK+Qt1Tg21MxE/dliRW9fhrduw/z/oLQYxsS4UCICQArqf7 > GzfPd/Y+Lkci7bohC3kyMToHKy8yDoFPjOuw > -----END CERTIFICATE----- -- Patrick Patterson President and Chief PKI Architect, Carillon Information Security Inc. http://www.carillon.ca ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
