$ openssl genrsa 2048 > key.pem $ openssl req -new -x509 -key key.pem -out cert.pem -sha256
On Tue, Aug 12, 2014 at 11:08 AM, Abdul Anshad <ab...@visolve.com> wrote: > Could you please provide me the steps for creating a self signed > certificate meeting the current FIPS standard ? > > Thank you for the response. > > Regards, > Abdul > > > On 12-Aug-14 3:02 AM, Kurt Cancemi wrote: > >> Your using a SHA-1 signed certificate, the current FIPS standard >> mandates a SHA-256 (SHA-2) signed certificate with a bit size >= 2048. >> >> --- >> Kurt Cancemi >> https://www.x64Architecture.com >> >> >> On Mon, Aug 11, 2014 at 5:24 AM, Abdul Anshad <ab...@visolve.com> wrote: >> >>> Hello All, >>> >>> I have a set up which runs Apache http-2.4.10 and Openssl-1.0.1i, when I >>> try >>> to start the http server with FIPS mode i get the following error. >>> >>> [Mon Aug 11 14:39:24.407781 2014] [suexec:notice] [pid 380] AH01232: >>> suEXEC >>> mechanism enabled (wrapper: /apps/apache/2.4.10/bin/suexec) >>> [Mon Aug 11 14:39:24.428616 2014] [ssl:emerg] [pid 380] AH01885: FIPS >>> mode >>> failed >>> [Mon Aug 11 14:39:24.428656 2014] [ssl:emerg] [pid 380] SSL Library >>> Error: >>> error:2D06D075:FIPS routines:fips_pkey_signature_test:test failure >>> (Type=RSA >>> SHA1 X931) >>> [Mon Aug 11 14:39:24.428663 2014] [ssl:emerg] [pid 380] AH02312: Fatal >>> error >>> initialising mod_ssl, exiting. >>> AH00016: Configuration Failed >>> >>> Could somebody help me out with this issue ? Thanks in advance. >>> >>> -- >>> Regards, >>> Abdul >>> >>> >>> --- >>> This email is free from viruses and malware because avast! Antivirus >>> protection is active. >>> http://www.avast.com >>> >>> ______________________________________________________________________ >>> OpenSSL Project http://www.openssl.org >>> Development Mailing List openssl-...@openssl.org >>> Automated List Manager majord...@openssl.org >>> >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> Development Mailing List openssl-...@openssl.org >> Automated List Manager majord...@openssl.org >> >> > > --- > This email is free from viruses and malware because avast! Antivirus > protection is active. > http://www.avast.com > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-...@openssl.org > Automated List Manager majord...@openssl.org >