The output of command "openssl asn1parse -i -in cacert.pem" is
0:d=0 hl=4 l= 872 cons: SEQUENCE 4:d=1 hl=4 l= 729 cons: SEQUENCE 8:d=2 hl=2 l= 3 cons: cont [ 0 ] 10:d=3 hl=2 l= 1 prim: INTEGER :02 13:d=2 hl=2 l= 9 prim: INTEGER :D46F3D4EDCA8F780 24:d=2 hl=2 l= 5 cons: SEQUENCE 26:d=3 hl=2 l= 1 prim: OBJECT :itu-t 29:d=3 hl=2 l= 0 prim: NULL 31:d=2 hl=3 l= 133 cons: SEQUENCE 34:d=3 hl=2 l= 11 cons: SET 36:d=4 hl=2 l= 9 cons: SEQUENCE 38:d=5 hl=2 l= 3 prim: OBJECT :countryName 43:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US 47:d=3 hl=2 l= 11 cons: SET 49:d=4 hl=2 l= 9 cons: SEQUENCE 51:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 56:d=5 hl=2 l= 2 prim: PRINTABLESTRING :LA 60:d=3 hl=2 l= 11 cons: SET 62:d=4 hl=2 l= 9 cons: SEQUENCE 64:d=5 hl=2 l= 3 prim: OBJECT :localityName 69:d=5 hl=2 l= 2 prim: PRINTABLESTRING :CA 73:d=3 hl=2 l= 33 cons: SET 75:d=4 hl=2 l= 31 cons: SEQUENCE 77:d=5 hl=2 l= 3 prim: OBJECT :organizationName 82:d=5 hl=2 l= 24 prim: PRINTABLESTRING :Internet Widgits Pty Ltd 108:d=3 hl=2 l= 13 cons: SET 110:d=4 hl=2 l= 11 cons: SEQUENCE 112:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName 117:d=5 hl=2 l= 4 prim: PRINTABLESTRING :Corp 123:d=3 hl=2 l= 13 cons: SET 125:d=4 hl=2 l= 11 cons: SEQUENCE 127:d=5 hl=2 l= 3 prim: OBJECT :commonName 132:d=5 hl=2 l= 4 prim: PRINTABLESTRING :GWCA 138:d=3 hl=2 l= 27 cons: SET 140:d=4 hl=2 l= 25 cons: SEQUENCE 142:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name 147:d=5 hl=2 l= 18 prim: PRINTABLESTRING :DNS:www.evmweb.com 167:d=2 hl=2 l= 30 cons: SEQUENCE 169:d=3 hl=2 l= 13 prim: UTCTIME :130620063616Z 184:d=3 hl=2 l= 13 prim: UTCTIME :230618063616Z 199:d=2 hl=3 l= 133 cons: SEQUENCE 202:d=3 hl=2 l= 11 cons: SET 204:d=4 hl=2 l= 9 cons: SEQUENCE 206:d=5 hl=2 l= 3 prim: OBJECT :countryName 211:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US 215:d=3 hl=2 l= 11 cons: SET 217:d=4 hl=2 l= 9 cons: SEQUENCE 219:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 224:d=5 hl=2 l= 2 prim: PRINTABLESTRING :LA 228:d=3 hl=2 l= 11 cons: SET 230:d=4 hl=2 l= 9 cons: SEQUENCE 232:d=5 hl=2 l= 3 prim: OBJECT :localityName 237:d=5 hl=2 l= 2 prim: PRINTABLESTRING :CA 241:d=3 hl=2 l= 33 cons: SET 243:d=4 hl=2 l= 31 cons: SEQUENCE 245:d=5 hl=2 l= 3 prim: OBJECT :organizationName 250:d=5 hl=2 l= 24 prim: PRINTABLESTRING :Internet Widgits Pty Ltd 276:d=3 hl=2 l= 13 cons: SET 278:d=4 hl=2 l= 11 cons: SEQUENCE 280:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName 285:d=5 hl=2 l= 4 prim: PRINTABLESTRING :Corp 291:d=3 hl=2 l= 13 cons: SET 293:d=4 hl=2 l= 11 cons: SEQUENCE 295:d=5 hl=2 l= 3 prim: OBJECT :commonName 300:d=5 hl=2 l= 4 prim: PRINTABLESTRING :GWCA 306:d=3 hl=2 l= 27 cons: SET 308:d=4 hl=2 l= 25 cons: SEQUENCE 310:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name 315:d=5 hl=2 l= 18 prim: PRINTABLESTRING :DNS:www.evmweb.com 335:d=2 hl=3 l= 159 cons: SEQUENCE 338:d=3 hl=2 l= 13 cons: SEQUENCE 340:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption 351:d=4 hl=2 l= 0 prim: NULL 353:d=3 hl=3 l= 141 prim: BIT STRING 497:d=2 hl=3 l= 237 cons: cont [ 3 ] 500:d=3 hl=3 l= 234 cons: SEQUENCE 503:d=4 hl=2 l= 29 cons: SEQUENCE 505:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier 510:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:04144B91C1ECC4A73A3C73565E9F4CEC0C38EC018A66 534:d=4 hl=3 l= 186 cons: SEQUENCE 537:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier 542:d=5 hl=3 l= 178 prim: OCTET STRING [HEX DUMP]:3081AF80144B91C1ECC4A73A3C73565E9F4CEC0C38EC018A66A1818BA48188308185310B3009060355040613025553310B3009060355040813024C41310B30090603550407130243413121301F060355040A1318496E7465726E6574205769646769747320507479204C7464310D300B060355040B1304436F7270310D300B0603550403130447574341311B30190603551D111312444E533A7777772E65766D7765622E636F6D820900D46F3D4EDCA8F780 723:d=4 hl=2 l= 12 cons: SEQUENCE 725:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 730:d=5 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF 737:d=1 hl=2 l= 5 cons: SEQUENCE 739:d=2 hl=2 l= 1 prim: OBJECT :itu-t 742:d=2 hl=2 l= 0 prim: NULL 744:d=1 hl=3 l= 129 prim: BIT STRING Thanks, Anand ----- Original Message ----- From: Wim Lewis <w...@omnigroup.com> To: openssl-users@openssl.org Cc: Sent: Tuesday, June 18, 2013 11:33 PM Subject: Re: openssl 1.0.1e Signature verification problems On 14 Jun 2013, at 6:09 AM, anand rao wrote: > I am using openssl 1.0.1e to create a CA and generate certificates. > > I am facing an issue while generating the device certificates. > After creating the ca certificate using below command > > # openssl req -x509 -new -newkey rsa:1024 -keyout private/cakey.pem -days > 3650 -out cacert.pem > > when we try to display the contents the signature algorithm is shown as > itu-t instead of sha1WithRSAEncryption > > #openssl x509 -in cacert.pem -noout -text > > > Certificate: [...] > Signature Algorithm: itu-t That certainly looks wrong to me. What do you get if you run "openssl asn1parse -i -in cacert.pem" ? ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
