I think the error messages are pretty clear in these cases. Trying to
set a hash with (standardized) EdDSA is not going to go well for you.
Have you tried this very nice walkthrough?
https://tools.ietf.org/html/draft-moskowitz-eddsa-pki-00
BBB
On Thu, Jun 6, 2019 at 9:47 AM Sowmya P wrote:
>
> Hi ,
> Have query regarding generation of X255519 and X448 certificate chain
>
> Below is the script which i used to generate certificate chain of Ecdsa type.
> https://github.com/raja-ashok/sample_certificates/blob/master/ECC_Prime256_Certs/gen_ecc_cert.sh
>
> Now for generating EdDSA certificate chain I am using command from
> (https://github.com/openssl/openssl/issues/6201). But with this command I am
> able to generate only certificate and private key pair. But not able to
> generate certificate chain.
>
>
>
> Below is the command used for generating end entity cert
>
> Openssl req -config openssl.cnf -new -key serverkey.pem
> -subj”/C=IN/ST=kar/L=En/0=htipl/OU=team/CN=server” -outr server_cert.csr
>
> Openssl ca -config openssl.cnf -cert rootcert.pem -key rootkey.pem
> -extensions usr_cert -subj -days 360 -md sha256 -in server_cert.csr -out
> server_cert.pem
>When i executed above command below errro is thrown
>
> Cant open ./root/private/cakey.pem for reading no such file or directory
> System library:fopen:no such file or directory:crypto/bio/bss_file.c :72
> Bio routines :BIO_new_file:no such file crypto/bio:bss_file.c
>
>
>
>
> Tried another command to generated server cert that is openssl x509 -req
> -days 360 -in server_cert.csr -signkey rootykey.pem -sha256 -out serever.crt
>
> For this elliptic curve routines:pkey_ecd_ctrl:invalid digest
> type:crypto/ec/ecx_meth.c
> error will be thrown
>
>
> Please help me out to resolve this issue
>
>
> Thanks ,
> Soumya pattada.
>
>
