'RE: Unknown message digest algorithm sha256RSA OpenSSL 1.0.1e'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    RE: Unknown message digest algorithm sha256RSA OpenSSL 1.0.1e
From:       "John Unsworth" <john.unsworth () cp ! net>
Date:       2013-02-28 7:08:01
Message-ID: 006201ce1582$594db640$0be922c0$ () unsworth () cp ! net
[Download RAW message or body]

Hi Jakob,

Thanks for the pointer. I was indeed running an old version - I need to find
out where it was coming from!

C:\Documents and Settings\junswort>openssl version
OpenSSL 0.9.7b 10 Apr 2003

With correct version:

C:\MetaAndDirectory\certs>openssl version
OpenSSL 1.0.1e 11 Feb 2013

C:\MetaAndDirectory\certs>openssl verify -verbose -CAfile win2k8r2-ca.cer
win2k8r2-server.cer
win2k8r2-server.cer: OK

Regards,
John

-----Original Message-----
From: owner-openssl-users@openssl.org
[mailto:owner-openssl-users@openssl.org] On Behalf Of jb-openssl@wisemo.com
Sent: 28 February 2013 02:03
To: openssl-users@openssl.org
Subject: Re: Unknown message digest algorithm sha256RSA OpenSSL 1.0.1e

On 27-02-2013 23:54, John Unsworth wrote:
> I have a Windows CA that has created a sha256RSA CA cert and server cert.
> However OpenSSL fails to validate them.
>
> C:\MetaAndDirectory\certs>openssl verify -verbose -CAfile win2k8r2-ca.cer
> win2k8r2-server.cer
> win2k8r2-server.cer: /DC=net/DC=cp/DC=macc/CN=macc-JOHN-WIN2K8R2-1-CA
> error 7 at 1 depth lookup:certificate signature failure
> 7892:error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message
> digest algorithm:.\crypto\asn1\a_verify.c:141:
>
> C:\MetaAndDirectory\certs>openssl ciphers
>
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DS
> S-DE
>
S-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:A
> ES12
>
8-SHA:IDEA-CBC-SHA:IDEA-CBC-MD5:RC2-CBC-MD5:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:
> RC4-
>
MD5:RC4-64-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-C
> BC-M
>
D5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-D
> HE-D
>
SS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-D
> SS-D
>
ES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-R
> C4-M
> D5
Try the command

    openssl version

I suspect you may not be running the OpenSSL version you think!

(Note that the "openssl ciphers" command lists SSL/TLS protocol cipher 
suites, not the individual
ciphers in other parts of OpenSSL, however the output above looks like 
it is from an older
version).


-- 
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10 
<call:+4531131610>
This message is only for its intended recipient, delete if misaddressed.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic