Hi there So, it seem 2012R2 and ECC dont like each other. I generate a proper ECC curved certificate where the public algo is correctly defined, OpenSSL is happy, Try and import the same cert to be used by the RootCA, Windows says GTFO.
Generate an RSA with the same CSP, Windows CA is happy, OpenSSL is Happy. Windows loves RSA. only technical difference Windows Root CA Private key and ECC cert generation (define new key at setup): Serial Number: 4f:bf:07:0c:c3:a0:e5:99:4a:30:51:72:b1:19:9c:54 Signature Algorithm: ecdsa-with-Specified Issuer: DC = net, DC = enterprises, OU = pki, CN = CAN-ROOTCA-01 using native X509Enrollment API calls Serial Number: 2f:da:9f:39:80:2b:1e:b5:43:cf:47:06:e8:91:10:00 Signature Algorithm: ecdsa-with-SHA256 Issuer: CN=Test Root CA CNG ECC ECDSA_P256 Microsoft Root CA under 2012R2 using ECC keys doesn't seem to follow RFC5758, RSA Key it is. _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
