I have tried this, but i still get the same error.
Following are the steps that i used before to generate the key and
certificate :
$openssl genrsa -out my_key.key 2048
$openssl pkcs8 -v1 PBE-SHA1-3DES -topk8 -in my_key.key -out localhost.key
$openssl req -new -key localhost.key -out localhost.csr
$openssl x509 -req -days 3650 -in localhost.csr -signkey localhost.key
-out localhost.crt
I have also tried your steps, but ended up in the same error.
Regards,
Abdul
On 12-Aug-14 11:24 AM, Thulasi Goriparthi wrote:
$ openssl genrsa 2048 > key.pem
$ openssl req -new -x509 -key key.pem -out cert.pem -sha256
On Tue, Aug 12, 2014 at 11:08 AM, Abdul Anshad <[email protected]
<mailto:[email protected]>> wrote:
Could you please provide me the steps for creating a self signed
certificate meeting the current FIPS standard ?
Thank you for the response.
Regards,
Abdul
On 12-Aug-14 3:02 AM, Kurt Cancemi wrote:
Your using a SHA-1 signed certificate, the current FIPS standard
mandates a SHA-256 (SHA-2) signed certificate with a bit size
>= 2048.
---
Kurt Cancemi
https://www.x64Architecture.com
On Mon, Aug 11, 2014 at 5:24 AM, Abdul Anshad
<[email protected] <mailto:[email protected]>> wrote:
Hello All,
I have a set up which runs Apache http-2.4.10 and
Openssl-1.0.1i, when I try
to start the http server with FIPS mode i get the
following error.
[Mon Aug 11 14:39:24.407781 2014] [suexec:notice] [pid
380] AH01232: suEXEC
mechanism enabled (wrapper: /apps/apache/2.4.10/bin/suexec)
[Mon Aug 11 14:39:24.428616 2014] [ssl:emerg] [pid 380]
AH01885: FIPS mode
failed
[Mon Aug 11 14:39:24.428656 2014] [ssl:emerg] [pid 380]
SSL Library Error:
error:2D06D075:FIPS routines:fips_pkey_signature_test:test
failure (Type=RSA
SHA1 X931)
[Mon Aug 11 14:39:24.428663 2014] [ssl:emerg] [pid 380]
AH02312: Fatal error
initialising mod_ssl, exiting.
AH00016: Configuration Failed
Could somebody help me out with this issue ? Thanks in
advance.
--
Regards,
Abdul
---
This email is free from viruses and malware because avast!
Antivirus
protection is active.
http://www.avast.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
<mailto:[email protected]>
Automated List Manager [email protected]
<mailto:[email protected]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
<mailto:[email protected]>
Automated List Manager [email protected]
<mailto:[email protected]>
---
This email is free from viruses and malware because avast!
Antivirus protection is active.
http://www.avast.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
<mailto:[email protected]>
Automated List Manager [email protected]
<mailto:[email protected]>
---
This email is free from viruses and malware because avast! Antivirus protection
is active.
http://www.avast.com
