Hi Jakob,

Thanks for the pointer. I was indeed running an old version - I need to find out where it was coming from!

C:\Documents and Settings\junswort>openssl version
OpenSSL 0.9.7b 10 Apr 2003

With correct version:

C:\MetaAndDirectory\certs>openssl version
OpenSSL 1.0.1e 11 Feb 2013

C:\MetaAndDirectory\certs>openssl verify -verbose -CAfile win2k8r2-ca.cer win2k8r2-server.cer
win2k8r2-server.cer: OK

Regards,
John

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of jb-open...@wisemo.com
Sent: 28 February 2013 02:03
To: openssl-users@openssl.org
Subject: Re: Unknown message digest algorithm sha256RSA OpenSSL 1.0.1e

On 27-02-2013 23:54, John Unsworth wrote:
> I have a Windows CA that has created a sha256RSA CA cert and server cert.
> However OpenSSL fails to validate them.
>
> C:\MetaAndDirectory\certs>openssl verify -verbose -CAfile win2k8r2-ca.cer
> win2k8r2-server.cer
> win2k8r2-server.cer: /DC=net/DC=cp/DC=macc/CN=macc-JOHN-WIN2K8R2-1-CA
> error 7 at 1 depth lookup:certificate signature failure
> 7892:error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message
> digest algorithm:.\crypto\asn1\a_verify.c:141:
>
> C:\MetaAndDirectory\certs>openssl ciphers
> DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DS
> S-DE
> S-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:A
> ES12
> 8-SHA:IDEA-CBC-SHA:IDEA-CBC-MD5:RC2-CBC-MD5:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:
> RC4-
> MD5:RC4-64-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-C
> BC-M
> D5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-D
> HE-D
> SS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-D
> SS-D
> ES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-R
> C4-M
> D5

Try the command

openssl version

I suspect you may not be running the OpenSSL version you think!

(Note that the "openssl ciphers" command lists SSL/TLS protocol cipher suites, not the individual ciphers in other parts of OpenSSL, however the output above looks like it is from an older version).

--
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10
This message is only for its intended recipient, delete if misaddressed.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
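
Added example, not part of the original thread or of OpenSSL: a small Python script that lists every "openssl" executable on the search path in lookup order and runs "version" on each, which is one way to find where a stale copy such as the 0.9.7b build above is coming from. The function names find_all_on_path and report_versions are hypothetical, chosen for this example.

```python
import os
import subprocess

def find_all_on_path(name="openssl", path=None, pathext=None):
    """Return every executable called `name` on the search path, in lookup order."""
    path = os.environ.get("PATH", "") if path is None else path
    if pathext is None:
        # Windows tries each PATHEXT suffix (.EXE, .BAT, ...); elsewhere the bare name.
        pathext = os.environ.get("PATHEXT", "").split(os.pathsep) if os.name == "nt" else [""]
    hits, seen = [], set()
    for directory in path.split(os.pathsep):
        if not directory:
            continue
        for ext in pathext:
            candidate = os.path.join(directory, name + ext)
            key = os.path.normcase(os.path.abspath(candidate))
            if key in seen:
                continue  # same directory listed twice in PATH
            if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
                seen.add(key)
                hits.append(candidate)
    return hits

def report_versions(name="openssl", path=None):
    """Run `<binary> version` on each hit; the first entry is the one PATH resolves to."""
    results = []
    for binary in find_all_on_path(name, path):
        try:
            proc = subprocess.run([binary, "version"], capture_output=True,
                                  text=True, timeout=10)
            out = proc.stdout.strip()
        except (OSError, subprocess.SubprocessError) as exc:
            out = f"<failed to run: {exc}>"
        results.append((binary, out))
    return results

if __name__ == "__main__":
    # Note: cmd.exe also checks the current directory before PATH; this
    # script only models the PATH part of the lookup.
    for index, (binary, version) in enumerate(report_versions()):
        marker = "RUNS FIRST" if index == 0 else "shadowed"
        print(f"{marker:10} {binary}  ->  {version}")
```

Any entry whose version differs from the first line is a copy that other tools or shells with a different PATH order may pick up instead.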