I've signed and consumed ECC certs just fine. My only problem is that when I specify a hash algorithm like SHA-256, OpenSSL falls back to the default SHA-1 for self-signed certs only.



On Feb 13, 2008, at 7:13 AM, Nabil Ghadiali wrote:

Ahh ok. That means that even if the signature is valid, it will show up like
that.

Thanks,

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Patrick Patterson
Sent: Wednesday, February 13, 2008 10:07 AM
To: openssl-users@openssl.org
Subject: Re: ECC Self-Signed Certificate

On Wednesday 13 February 2008 09:58:08 Nabil Ghadiali wrote:
I saved the base64 encoded text in a file with an extension ".cer" and then
double-clicked it. Microsoft recognizes it is a certificate and opens it up
in a certificate viewer.

Over here it says "The integrity of the certificate cannot be guaranteed.
The certificate may be corrupted or may have been altered"

Unless you are using Vista, Microsoft CAPI doesn't support ECC.

Have fun.

Patrick.

Thanks,

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Wednesday, February 13, 2008 8:00 AM
To: openssl-users@openssl.org
Subject: Re: ECC Self-Signed Certificate

On Wed, Feb 13, 2008 at 12:40:18AM -0500, Nabil Ghadiali wrote:
Can someone help me with the command to generate a self-signed
certificate using openssl?

I have used the following steps and when I get a certificate and open up it
says "the signature is invalid". Am I missing something?

What does "open it up" mean? The self-signed EC cert you posted looks
fine.

$ openssl verify -CAfile foo.pem -purpose crlsign foo.pem
foo.pem: OK

$ openssl x509 -text -in foo.pem
Certificate:
   Data:
       Version: 3 (0x2)
       Serial Number:
           d2:4e:d0:af:62:63:da:1b
       Signature Algorithm: ecdsa-with-SHA1
       Issuer: C=US, ST=Some-State, O=Internet Widgits Pty Ltd
       Validity
           Not Before: Feb 13 05:37:39 2008 GMT
           Not After : Feb 12 05:37:39 2009 GMT
       Subject: C=US, ST=Some-State, O=Internet Widgits Pty Ltd
       Subject Public Key Info:
           Public Key Algorithm: id-ecPublicKey
               Public-Key: (256 bit)
               pub:
                   04:f3:26:32:97:d1:db:f9:e6:18:40:53:95:f7:67:
                   f7:ab:52:25:96:aa:58:d2:8e:dc:6d:d3:a5:e5:5d:
                   11:95:e7:73:f9:b3:24:df:5e:4f:b1:5e:55:49:66:
                   3e:a4:39:3c:c5:a4:74:f0:a3:62:35:94:23:aa:e5:
                   db:83:67:07:35
               ASN1 OID: prime256v1
       X509v3 extensions:
           X509v3 Subject Key Identifier:
               E6:9B:18:14:7F:52:88:EB:C5:86:BE:B3:68:9E:BE:39:F3:A6:2B:E2
           X509v3 Authority Key Identifier:
               keyid:E6:9B:18:14:7F:52:88:EB:C5:86:BE:B3:68:9E:BE:39:F3:A6:2B:E2
               DirName:/C=US/ST=Some-State/O=Internet Widgits Pty Ltd
               serial:D2:4E:D0:AF:62:63:DA:1B

           X509v3 Basic Constraints:
               CA:TRUE
   Signature Algorithm: ecdsa-with-SHA1
       30:45:02:21:00:a7:58:a0:52:62:be:42:dd:53:83:6d:4c:c4:
       4f:dd:96:24:56:f5:f8:6b:76:ec:3f:cf:fa:0b:41:8c:6c:4b:
       85:02:20:24:00:ae:a7:fb:1b:37:cf:77:f6:3e:2e:47:22:ed:
       ba:21:0b:79:32:31:3a:07:2b:2f:32:0e:81:4f:8c:eb:b0



--
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
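
The thread turns on which digest a self-signed EC certificate was actually signed with and whether it verifies against itself. The script below is an added example, not from any of the posters: it requests a digest explicitly, reads back the recorded signature algorithm, and repeats the `openssl verify -CAfile` self-check shown above. File names, the subject and the minimal config are constructed for the example.

```shell
#!/bin/sh
# Added example: file names, subject and the minimal config are constructed.

# Create a prime256v1 key and a self-signed CA certificate in directory $1,
# asking for digest $2 (e.g. sha256). A private config keeps the run
# independent of any system openssl.cnf.
make_selfsigned_ec() {
    dir=$1; md=$2
    cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
C = US
O = Example Org (constructed)
[v3_ca]
basicConstraints = critical,CA:TRUE
subjectKeyIdentifier = hash
EOF
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/key.pem" &&
    openssl req -new -x509 "-$md" -days 365 -config "$dir/req.cnf" \
        -key "$dir/key.pem" -out "$dir/cert.pem"
}

# Print the signature algorithm recorded in certificate $1.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk '/Signature Algorithm:/ { print $3; exit }'
}

# Succeed only if $1 verifies against itself and is not signed with SHA-1.
check_selfsigned() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1 || return 1
    case $(sig_alg "$1") in
        *[Ss][Hh][Aa]1*) return 1 ;;
    esac
    return 0
}

work=$(mktemp -d)
make_selfsigned_ec "$work" sha256
echo "signature algorithm: $(sig_alg "$work/cert.pem")"
check_selfsigned "$work/cert.pem" && echo "self-signed, not SHA-1"
```

Reading the algorithm back from the issued certificate, rather than trusting the command-line flag, is what catches a silent fallback to a weaker digest.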
