Hello, I want to generate a self signed certificate that uses 'sha1RSA' as signature algorithm.
I tried changing the default signature algorithm in OpenSSL config file (default_md), but there is no effect of the change on the certificate. The certificate shows 'md5RSA' as the signature algorithm. Appreciate any help on how to achieve this.

Here are the detailed steps for your reference.

1) vi /etc/sfw/openssl/openssl.cnf

2) Original: default_md=md5. Modified this to default_md=sha1

3) Restarted the system

4) Gave the following commands:

    /usr/sfw/bin/openssl genrsa 1024 > host.key
    chmod 400 host.key
    /usr/sfw/bin/openssl req -new -x509 -days 365 -key host.key > host.cer

5) Irrespective of the value for "default_md" in the openssl.cnf file, the signature algorithm is specified as "md5RSA" in the certificate.

6) When I give the following command, the sha1 signature algorithm is used; however, changing to the following command introduces a lot of additional dependencies in my code.

    /usr/sfw/bin/openssl req -new -x509 -sha1 -days 365 -key host.key > host.cer

7) Version of OpenSSL used is 0.9.7d 17 Mar 2004 (+ security patches to 2006-09-29) on a Solaris 10 machine with kernel patch id 137138-09.

8) I've performed a truss and dtrace to find the value read from the config file, but was not able to view the values for config parameters.

Thanks,
Madhu
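A diagnostic for the situation described above, as an added example that is not part of the original post: `openssl req` takes `default_md` from the `[ req ]` section of the config file, while a `default_md` under the CA section is the one `openssl ca` uses. The script lists every `default_md` with the section it sits in; the function names are hypothetical, and the sample config is constructed on the assumption that the file follows the stock layout, with `default_md` under `[ CA_default ]`.

```shell
#!/bin/sh
# Added example: show which section of an OpenSSL config each default_md is in.

# Print one "section<TAB>digest" line per default_md setting in file $1.
list_default_md() {
    awk '
        { sub(/[ \t]*#.*/, "") }               # strip comments
        /^[ \t]*\[/ {                          # section header, e.g. "[ req ]"
            sec = $0
            sub(/^[ \t]*\[[ \t]*/, "", sec)
            sub(/[ \t]*\].*$/, "", sec)
            next
        }
        /^[ \t]*default_md[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            printf "%s\t%s\n", sec, val
        }
    ' "$1"
}

# Print the default_md found in [ req ]; prints nothing when that section
# has none, in which case "openssl req" uses its built-in default digest.
req_default_md() {
    list_default_md "$1" | awk -F'\t' '$1 == "req" { print $2 }'
}

# Constructed sample: the edit from step 2 applied under [ CA_default ] only.
write_sample_cnf() {
    cat > "$1" <<'EOF'
[ ca ]
default_ca = CA_default

[ CA_default ]
default_days = 365
default_md = sha1        # edited from md5

[ req ]
default_bits = 1024
distinguished_name = req_distinguished_name
EOF
}

cnf=$(mktemp)
write_sample_cnf "$cnf"
list_default_md "$cnf"
echo "default_md in [ req ]: $(req_default_md "$cnf")"
rm -f "$cnf"
```

On the sample, the only `default_md` is reported under `CA_default` and the `[ req ]` lookup comes back empty; adding `default_md = sha1` under `[ req ]` is the setting `openssl req` reads when no digest option is given on the command line.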