On Wed, Nov 10, 2004, System Administrator wrote: > Hi, > > I wonder if anyone might be able to shed some light on a very > strange phenomena we're seeing when we try to generate CSRs. > > I can create a key with > :openssl genrsa ... > and then I creat a certificate signing request with > :openssl req -new -key keyfile.key -out csrfile.csr > > This goes through the normal questions, and creates the file "csrfile.csr" > without any complaints. > > When I try to use this csr to generate a self-signed certificate I > invariably > get "signature did not match the certificate request". > > Further investigation leads to the fact that each new repetition of the same > csr using the same key always produces a different signature on the csr, on > one server, and yet the same key on a different server ALWAYS produces the > same > CSR (given the same DN and so on of course) > > The openssl version 0.9.6i was installed on a Solaris 8 sun machine from a > SunFreeware package. > > Does anyone know of a bug that we may have, and where it might be? > > I intend to uninstall the package, and replace it with newer one, however > its on a live production server so downtime is sparse. >
Sounds like the RSA code isn't functioning correctly: possibly due to a bug in the compiler used with that version. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
