Thanks Steve, I used the following commands to create the certificate using the openssl built with FIPS support
openssl genrsa -des3 -out wv-key.pem 1024 openssl req -new -x509 -key wv-key.pem -out wv-cert.pem -days 365 Do I miss any option to make it FIPS supported John -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Wednesday, October 06, 2010 4:36 PM To: openssl-users@openssl.org Subject: Re: FIPS mode - fails to read the RSA key On Wed, Oct 06, 2010, john.mattapi...@wipro.com wrote: > Hello there > > I am trying to use the OpenSSL-fips version 1.2 for our application ( > Webserver ) in Vxworks. I was able to integrate the library and > executing FIPS_mode_set is successful. After initializing the > SSL_library_init, The code tries to read the RSA key from a key.pem > file. > Technically you shouldn't use keys created outside FIPS mode in FIPS mode. In FIPS mode the "traditional" format is not supported because it used MD5 for key derivation. The more standard PKCS#8 mode using SHA1 for key derivation is use instead. You can convert keys using the pkcs8 command outside FIPS mode but again technically you aren't supposed to... Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org Please do not print this email unless it is absolutely necessary. The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
