On Fri, Aug 03, 2012, Erik Tkal wrote:

> Hi Steve, here's the cert:
>
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 34474 (0x86aa)
>         Signature Algorithm: ecdsa-with-SHA256
>         Issuer: CN=eRoot1, OU=Engineering, O=Juniper Networks, Inc.,
>             L=Westford, ST=MA, C=US
>         Validity
>             Not Before: Aug 1 19:04:20 2012 GMT
>             Not After : Jul 30 19:04:20 2022 GMT
>         Subject: CN=eServer1, OU=Engineering, O=Juniper Networks, Inc.,
>             L=Westford, ST=MA, C=US
>         Subject Public Key Info:
>             Public Key Algorithm: id-ecPublicKey
>                 Public-Key: (256 bit)
>                 pub:
>                     04:e9:7e:4c:b3:44:eb:21:a4:15:9d:9a:2e:5e:e3:
>                     3c:09:19:22:36:cf:01:ee:dc:b8:67:1b:78:30:e0:
>                     dd:4c:7f:95:38:24:f1:0c:7d:1c:2b:ab:b8:67:b7:
>                     ef:42:9c:b6:df:fd:49:fb:1a:85:57:c1:e4:5a:e4:
>                     b6:7c:4b:40:3b
>                 Field Type: prime-field
>                 Prime:
>                     00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
>                     00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
>                     ff:ff:ff
>                 A:
>                     00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
>                     00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
>                     ff:ff:fc
>                 B:
>                     5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
>                     bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
>                     60:4b
>                 Generator (uncompressed):
>                     04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
>                     40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
>                     98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
>                     7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
>                     68:37:bf:51:f5
>                 Order:
>                     00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
>                     ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
>                     63:25:51
>                 Cofactor: 1 (0x1)
>                 Seed:
>                     c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
>                     b7:81:9f:7e:90
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 E5:15:BA:0A:AB:56:A3:4C:47:4E:54:6D:21:93:0E:98:3B:CB:E9:3B
>             X509v3 Subject Alternative Name:
>                 DNS:eserver1.juniper.net
>             X509v3 Authority Key Identifier:
>
>                 keyid:F8:87:1E:2B:4D:8D:F1:96:B9:9A:D8:BA:15:D0:75:FF:F4:1A:A4:9C
>                 DirName:/CN=eRoot1/OU=Engineering/O=Juniper Networks,
>                     Inc./L=Westford/ST=MA/C=US
>                 serial:D3:27
>
>             X509v3 Key Usage:
>                 Digital Signature
>             X509v3 Extended Key Usage:
>                 TLS Web Server Authentication
>             X509v3 CRL Distribution Points:
>
>                 Full Name:
>                     URI:http://localhost/pkitool/eroot1/eroot1.crl
>
>     Signature Algorithm: ecdsa-with-SHA256
>         30:45:02:21:00:d2:30:0d:5f:5c:61:45:ef:23:a5:ae:04:3a:
>         ca:50:d0:a0:54:ca:ce:93:1c:b7:8a:04:19:b3:9f:ed:b4:1b:
>         f0:02:20:33:7b:55:bd:b8:df:ca:e5:42:db:49:e3:23:8a:f9:
>         5d:6b:09:d2:b1:13:c8:60:46:0b:99:57:80:4d:ef:19:42
>

OK, you've got the parameters explicitly encoded instead of using a named
curve. When you generate the key try calling:

    EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
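
A check for the condition identified in the reply above, as an added example (not code from the thread or from OpenSSL): it reads the DER AlgorithmIdentifier of an EC public key and reports whether the curve is given as a named-curve OID or as explicitly encoded parameters. The function names and both sample byte strings are constructed for illustration; the explicit sample is abbreviated to its version field only.

```c
#include <stdio.h>
#include <string.h>

enum ec_params_kind { EC_BAD = -1, EC_NAMED, EC_IMPLICIT, EC_EXPLICIT };

/* Read one DER tag/length header; return its size, or 0 if malformed. */
static size_t der_hdr(const unsigned char *p, size_t n, unsigned char *tag, size_t *len)
{
    size_t k, i;
    if (n < 2) return 0;
    *tag = p[0];
    if (p[1] < 0x80) { *len = p[1]; return *len <= n - 2 ? 2 : 0; }
    k = p[1] & 0x7f;                       /* long form: k length bytes */
    if (k == 0 || k > 4 || n < 2 + k) return 0;
    for (*len = 0, i = 0; i < k; i++) *len = (*len << 8) | p[2 + i];
    return *len <= n - 2 - k ? 2 + k : 0;
}

/* Classify the ECParameters CHOICE inside an id-ecPublicKey AlgorithmIdentifier. */
enum ec_params_kind classify_ec_alg(const unsigned char *der, size_t n)
{
    static const unsigned char id_ec[] =   /* OID 1.2.840.10045.2.1 */
        {0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01};
    unsigned char tag; size_t len, h;
    if (!(h = der_hdr(der, n, &tag, &len)) || tag != 0x30) return EC_BAD;
    der += h; n = len;
    if (n < sizeof id_ec || memcmp(der, id_ec, sizeof id_ec)) return EC_BAD;
    der += sizeof id_ec; n -= sizeof id_ec;
    if (!der_hdr(der, n, &tag, &len)) return EC_BAD;
    switch (tag) {
    case 0x06: return EC_NAMED;     /* namedCurve: OBJECT IDENTIFIER */
    case 0x05: return EC_IMPLICIT;  /* implicitCurve: NULL */
    case 0x30: return EC_EXPLICIT;  /* specifiedCurve: full domain parameters */
    default:   return EC_BAD;
    }
}

/* Constructed samples: prime256v1 by OID, and an abbreviated explicit form. */
static const unsigned char sample_named[] = {0x30,0x13,0x06,0x07,0x2a,0x86,0x48,
    0xce,0x3d,0x02,0x01,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07};
static const unsigned char sample_explicit[] = {0x30,0x0e,0x06,0x07,0x2a,0x86,
    0x48,0xce,0x3d,0x02,0x01,0x30,0x03,0x02,0x01,0x01};
int main(void)
{
    printf("named=%d explicit=%d\n",
           classify_ec_alg(sample_named, sizeof sample_named),
           classify_ec_alg(sample_explicit, sizeof sample_explicit));
    return 0;
}
```

RFC 5480 states that implicitCurve and specifiedCurve MUST NOT be used in PKIX, so anything other than `EC_NAMED` is worth flagging before a certificate is issued.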