RE: Is Sha2 supported for signing certs?
> From: owner-openssl-us...@openssl.org On Behalf Of Patrick Patterson > Sent: Wednesday, 13 June, 2012 15:59 > To: openssl-users@openssl.org > Subject: Re: Is Sha2 supported for signing certs? > > Hi Pushkar, > > Don't use the -md option - just use -sha256 directly. Nope. -sha256 is correct for commandline req including req -x509, and x509 including x509 -req, but not ca. ca uses -md sha256. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Is Sha2 supported for signing certs?
Hi Pushkar, Don't use the -md option - just use -sha256 directly. Have fun. Patrick. On 2012-06-13, at 2:11 PM, Pushkar Pathak wrote: > Hi All, > > I am trying to sign a certificate with SHA2. I have my own CA certificate > and want to sign an end entity certificate with sha2. Is SHA 2 supported? > > The commands that I tried were > > openssl ca -md sha2 > openssl ca -md sha256 > > I am using openssl versioned OpenSSL 1.0.1c 10 May 2012. > > Let me know. > > thanks > Pushkar --- Patrick Patterson Chief PKI Architect Carillon Information Security Inc. http://www.carillon.ca __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Is Sha2 supported for signing certs?
Yes it worked this time, may be I was picking up the older openssl. FYI - On Wed, Jun 13, 2012 at 3:06 PM, Dr. Stephen Henson wrote: > On Wed, Jun 13, 2012, Pushkar Pathak wrote: > > > Hi All, > > > > I am trying to sign a certificate with SHA2. I have my own CA certificate > > and want to sign an end entity certificate with sha2. Is SHA 2 supported? > > > > The commands that I tried were > > > > openssl ca -md sha2 > > openssl ca -md sha256 > > > > I am using openssl versioned OpenSSL 1.0.1c 10 May 2012. > > > > As others have indicated it should be possible to use -md sha256. Another > option is the default_md option in openssl.cnf. See the ca manual page for > more details. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager majord...@openssl.org >
Re: Is Sha2 supported for signing certs?
On Wed, Jun 13, 2012, Pushkar Pathak wrote: > Hi All, > > I am trying to sign a certificate with SHA2. I have my own CA certificate > and want to sign an end entity certificate with sha2. Is SHA 2 supported? > > The commands that I tried were > > openssl ca -md sha2 > openssl ca -md sha256 > > I am using openssl versioned OpenSSL 1.0.1c 10 May 2012. > As others have indicated it should be possible to use -md sha256. Another option is the default_md option in openssl.cnf. See the ca manual page for more details. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Is Sha2 supported for signing certs?
On Wed, 13 Jun 2012 11:11:50 -0700 Pushkar Pathak wrote: > openssl ca -md sha256 This one works - however openssl ca --help doesn't mention it. So it's undocumentet, but works. I've used it to do this test installation: https://sha2.hboeck.de/ "sha2" can't work, because there is no sha2-algorithm. sha2 is an (afaik inofficial) name for a whole number of functions - sha256, sha384, sha512 and sha224. -- Hanno Böck mail/jabber: ha...@hboeck.de GPG: BBB51E42 http://www.hboeck.de/ signature.asc Description: PGP signature
Re: Is Sha2 supported for signing certs?
Thanks Josh! On Wed, Jun 13, 2012 at 12:13 PM, Joshua Bowman wrote: > On 6/13/2012 11:11 AM, Pushkar Pathak wrote: > > Hi All, > > > > I am trying to sign a certificate with SHA2. I have my own CA > certificate and want to sign an > > end entity certificate with sha2. Is SHA 2 supported? > > > > The commands that I tried were > > > > openssl ca -md sha2 > > openssl ca -md sha256 > > > > I am using openssl versioned OpenSSL 1.0.1c 10 May 2012. > > > > Let me know. > > > > thanks > > Pushkar > > There are patches sitting on the bugtracker to enable that functionality, > but right now the only > way to do it is to use the API, as far as I know. > > Joshua Bowman > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager majord...@openssl.org >
Re: Is Sha2 supported for signing certs?
On 6/13/2012 11:11 AM, Pushkar Pathak wrote: > Hi All, > > I am trying to sign a certificate with SHA2. I have my own CA certificate and > want to sign an > end entity certificate with sha2. Is SHA 2 supported? > > The commands that I tried were > > openssl ca -md sha2 > openssl ca -md sha256 > > I am using openssl versioned OpenSSL 1.0.1c 10 May 2012. > > Let me know. > > thanks > Pushkar There are patches sitting on the bugtracker to enable that functionality, but right now the only way to do it is to use the API, as far as I know. Joshua Bowman __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org