[openssl-users] Openssl 1.1.0: x509: Bad format "engine"; must be pem or der
Hi All, I am trying to create a self-signed certificate using the following commands. Working with engine_pkcs11 provided by opensc/libp11. When I was running these commands with openssl 1.0.2, these were working fine. When I tried running with openssl 1.1.0, Getting the following error. Can anyone please help to find what I am doing wrong ? root@Ubuntu:~/new# root@Ubuntu:~/new# /usr/bin/openssl req -engine pkcs11 -new -key "pkcs11:model=;manufacturer=ABC;serial=1;token=ABC_TOKEN;id=%01%00%00%00;object=Device_Key;type=private" -keyform engine -out req.pem -text -x509 -subj "/CN=NXP Semiconductor" engine "pkcs11" set. root@Ubuntu:~/new# root@Ubuntu:~/new# root@Ubuntu:~/new# root@Ubuntu:~/new# /usr/bin/openssl x509 -engine pkcs11 -keyform engine -signkey "pkcs11:model=;manufacturer=ABC;serial=1;token=ABC_TOKEN;id=%01%00%00%00;object=Device_Key;type=private " -in req.pem -out cert.pem engine "pkcs11" set. x509: Bad format "engine"; must be pem or der x509: Invalid format "engine" for -keyform x509: Use -help for summary. root@Ubuntu:~/new# root@Ubuntu:~/new# Regards, Sahil Malhotra -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Windows 7 cryptbase.dll failing to load
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Jakob Bohm > Sent: Thursday, June 14, 2018 15:58 > > Thus your 1.1.0 build runs on NT6.02 but not NT6.01, possibly due to > references to NT6.02-only APIs Sometimes the subsystem version information inserted by the linker is pessimistic for no reason (other than Microsoft's desire to get people to upgrade). Depends on the version of the Microsoft SDK installed, among other things. So the OP might just try linking the DLL with /VERSION:6.1. I'm not currently building a 1.1 OpenSSL, so I can't say what would need to be done with Configure to get that into the generated makefile. -- Michael Wojcik Distinguished Engineer, Micro Focus -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Windows 7 cryptbase.dll failing to load
On 14/06/2018 18:39, Vollaro, John via openssl-users wrote: Hi OpenSSL team, Our team has successfully built Window dlls for OpenSSL code version 1.0.2n. The dll names where libeay32.dll & ssleay32.dll. They worked on Windows 7 and Windows Server 2012 OS. Our team has built Window dlls for the OpenSSL code using version 1.1.0h. The dll names where libcrypt0-1_1-x64.dll & libssl-1_1-x64.dll These dlls worked on Windows Server 2012 OS. These dlls do **not** load on Windows 7 OS. I suspect an issue with Windows library cryptbase.dll Note the translation table for Windows version names: DosWindows 1.01 == Windows 1.0 DosWindows 1.02 DosWindows 1.03 DosWindows 1.04 DosWindows 2.03 DosWindows 2.10 DosWindows 2.11 DosWindows 3.00 DosWindows 3.10 == Janus == Sparta == Winball DosWindows 3.11 == Snowball DosWindows 4.00.950/3.95 == Windows 95== MS-DOS 7.00 == Chicago DosWindows 4.00./3.9? == Windows 95 OSR2== MS-DOS 7.01 == Detroit DosWindows 4.10.1998/3.9? == Windows 98 == Memphis DosWindows 4.10./3.9? == Windows 98 SE DosWindows 4.90.3000/3.9? == Windows ME NT 3.10.528 == Razzle NT 3.50.807 == Daytona NT 3.51.1057 NT 4.00.1381 NT 4.00.1381SP3 == NT4.00 and NT4.00 Terminal Server Edition == Hydra NT 5.00.2195 == Windows 2000 NT 5.01.2600 == Windows XP (x86 and IA64) == maybe special Server 200x for IA64 == Whistler NT 5.02.37?? == Windows XP (x64) == Server 2003 == Server 2003 R2 NT 6.00.6000 == Windows Vista == Server 2008 == Longhorn NT 6.01.7600 == Windows 7 == Server 2008 R2 == Blackcomb == Vienna NT 6.02.9200 == Windows 8 == Server 2012 NT 6.03.9600 == Windows 8.1 == Server 2012 R2 == WinBlue NT 10.00.10240 (1507) == Windows 10 original== LTSB 2015 == Threshold 1 NT 10.00.10586 (1511) == Windows 10 November update == Threshold 2 NT 10.00.14393 (1607) == Windows 10 Anniversary update== LTSB 2016 == Windows Server 2016 == V2 (Redstone) NT 10.00.15063 (1703) == Windows 10 Creators update == Redstone 2 NT 10.00.16299 (1709) == Windows 10 Fall Creators update == Redstone 3 NT 10.00.17134 (1803) == Windows 10 April 2018 update == Redstone 4 Thus your 1.1.0 build runs on NT6.02 but not NT6.01, possibly due to references to NT6.02-only APIs Any suggestion on getting this to work on Windows 7? Has anyone else encountered this issue? Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Windows 7 cryptbase.dll failing to load
Hi OpenSSL team, Our team has successfully built Window dlls for OpenSSL code version 1.0.2n. The dll names where libeay32.dll & ssleay32.dll. They worked on Windows 7 and Windows Server 2012 OS. Our team has built Window dlls for the OpenSSL code using version 1.1.0h. The dll names where libcrypt0-1_1-x64.dll & libssl-1_1-x64.dll These dlls worked on Windows Server 2012 OS. These dlls do *not* load on Windows 7 OS. I suspect an issue with Windows library cryptbase.dll Any suggestion on getting this to work on Windows 7? Has anyone else encountered this issue? This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Engine for an openssl server with a private key
Hello, On Thu, Jun 14, 2018 at 11:22 AM, Jef Steelant wrote: > Hi, > > I have a program that sets up multiple server connections with a different > private RSA key for each. I want to offload the private key to another > process. I did this for client connections with SSL_CTX_set_client_cert_engine > but nothing similar exists for a server connection. Can this be done? > > > I solved this problem for my purpose by writing a custom RSA method. -- SY, Dmitry Belyavsky -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Engine for an openssl server with a private key
Hi, I have a program that sets up multiple server connections with a different private RSA key for each. I want to offload the private key to another process. I did this for client connections with SSL_CTX_set_client_cert_engine but nothing similar exists for a server connection. Can this be done? Regards, Jef Steelant -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users