[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Problem with DSA key signed CSRs
From: |
Timo Gerke |
Subject: |
Re: Problem with DSA key signed CSRs |
Date: |
Tue, 29 Jun 2010 11:06:40 +0200 |
User-agent: |
Thunderbird 2.0.0.23 (Windows/20090812) |
Nikos Mavrogiannopoulos wrote:
Timo Gerke wrote:
Dear List,
I think I've discoverd an other bug.
Then I generate a CSR signed with an DSA key an verify the request
with openssl the verification fails.
I did:
a.1) certtool -p --dsa --disable-quick-random --outfile dsakey.pem
a.2) certtool --to-p8 --pkcs-cipher aes-256 --load-privkey dsakey.pem
--outfile dsakey.p8
b) certtool -8q --load-privkey --load-privkey dsakey.pem --outfile newreq.pem
c) openssl req -verify -noout -in newreq.csr
[...]
Hello,
It seems openssl doesn't support DSA keys of size more than 1024 bits.
Use --bits 1024 on your first command and it will work.
BTW the format autodectetion of certtool seems not to work properly.
Does it have autodetection? :)
Hello,
I think it has.
If I run this command:
certtool -q --load-privkey dsakey.p8 --outfile newreq.csr
I get this error:
certtool: import error: could not find a valid PEM header; check
if your
key is PKCS #8 or PKCS #12 encoded
regards,
Timo
regardsm
Nikos
P.S. This message is resent, previously I only sent it to Nikos.