On Wed, Jan 30, 2013 at 9:51 PM, Dr. Stephen Henson <[email protected]>wrote:
> > If you want it to just use the curve name instead you have to call: > > EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE); > > Steve. > -- > > It's efficacious. After I call EC_KEY_set_asn1_flag() before EC_KEY_generate_key(), the self-signed certificate(ca.der) is generated successfully without prompting "signature corrupt". Thank you, Dr. Henson and Ryan. But I still have another question though it is not critical. I use Windows 8 and IE10 now. When I double click ca.der and install, if I choose 'Automatically select the certificate store based on the type of certificate',then the self-signed certificate will be in the 'Intermediate Certification Authorities',not 'Trusted Root Certification Authorities'. If I choose 'Place all certificates in the following store' and select 'Trusted Root Certification Authorities', I can find the certificate in 'Trusted Root Certification Authorities' as I wish. The automatic import activity on Win8 is a little different from it on WinXP. Maybe it's a new OS security policy, I don't know. Thank you again.
