I'm trying to run some tests with your example server http://testrfc7030.com/

Using the instructions in the welcome page, the enrolled certificate is correctly verified by openssl:

```
openssl verify -CAfile dstcax3.pem cert.pem
cert.pem: OK
```

After this, I have tried with my EST Client written using C and OpenSSL using the same CSR as before.
It works but the resulting certificate is not signed by the EST TA /cacerts result.

If you try to parse the certificate this is the output (please note the signature algorithm!):
```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 17930 (0x460a)
        Signature Algorithm: ecdsa-with-SHA1
        Issuer: CN=estExampleCA
        Validity
            Not Before: May 24 15:02:59 2023 GMT
            Not After : May 23 15:02:59 2024 GMT
        Subject: CN=IntegrationTest
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:a8:91:66:33:ca:d1:bc:cc:f9:c4:18:f5:e8:fc:
                    99:a7:89:cf:7d:6e:27:38:b4:33:d6:96:61:5f:87:
                    93:b1:95:63:64:20:5c:21:e4:87:2b:c2:0a:fa:27:
                    40:06:53:46:18:d1:91:c5:01:7a:f8:cb:4a:86:fd:
                    15:9f:44:3c:69
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature
            X509v3 Subject Key Identifier:
                8F:C6:E3:73:2F:EC:6E:B5:F1:9B:45:2C:7A:1B:6C:CF:2B:33:3B:82
            X509v3 Authority Key Identifier:
                D7:D2:EC:EB:8C:D2:80:71:9C:CB:F4:46:D3:52:D1:26:AB:63:5E:2A
    Signature Algorithm: ecdsa-with-SHA1
    Signature Value:
        30:46:02:21:00:86:87:d8:ec:4c:b7:8f:dd:6a:de:5c:a9:ee:
        70:2c:86:9b:90:66:be:e8:29:05:ab:9b:10:3d:3f:a0:f5:ca:
        fd:02:21:00:fa:12:15:d9:94:3c:1c:6c:39:23:23:51:a6:75:
        9c:5a:da:d5:73:b1:bf:c2:ab:6f:c0:ed:be:ce:34:b2:45:87
```

Obviously the verify command fails:

```
openssl verify -CAfile dstcax3.pem cert-client.pem
CN = IntegrationTest
error 20 at 0 depth lookup:unable to get local issuer certificate
cert-client.pem: verification failed: 20 (unable to get local issuer certificate)
```

Why do I receive a certificate with a SHA1 signature? Is this signed by another CA?

NB: this is done using a P12 as client certificate connecting to port 9443. If I try to run the same test using basic auth connecting to the port 8443 the enrolled certificate is correct (validated and with SHA256 as signature algorithm).
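
A triage sketch for the two symptoms in the report above, added here as an example and not part of the original post or the project's code: it parses an `openssl x509 -text` dump and checks the issuer DN and Authority Key Identifier against a trust anchor separately from the signature hash. The `ANCHOR` values and the finding names are constructed, since the post does not show the trust anchor's fields.

```python
import re

# Fields copied from the `openssl x509 -text` dump quoted in the post above.
ISSUED_DUMP = """\
    Signature Algorithm: ecdsa-with-SHA1
    Issuer: CN=estExampleCA
    Subject: CN=IntegrationTest
    X509v3 Authority Key Identifier:
        D7:D2:EC:EB:8C:D2:80:71:9C:CB:F4:46:D3:52:D1:26:AB:63:5E:2A
"""

# Constructed stand-in for the CA in the -CAfile; not taken from the post.
ANCHOR = {
    "subject": "CN = Constructed Trust Anchor",
    "ski": "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33",
}

WEAK_HASHES = ("md5", "sha1")


def norm_dn(dn):
    """Treat 'CN = x' and 'CN=x' as equal; openssl prints both styles."""
    return re.sub(r"\s*=\s*", "=", (dn or "").strip())


def parse_dump(text):
    """Extract the fields needed to explain a chain-building failure."""
    def first(pattern):
        m = re.search(pattern, text, re.MULTILINE)
        return m.group(1).strip() if m else None
    return {
        "sig_alg": first(r"^\s*Signature Algorithm:\s*(\S+)"),
        "issuer": first(r"^\s*Issuer:\s*(.+)$"),
        "subject": first(r"^\s*Subject:\s*(.+)$"),
        "aki": first(r"Authority Key Identifier:\s*(?:keyid:)?([0-9A-Fa-f:]+)"),
    }


def diagnose(cert, anchor):
    """Return findings; the first two explain verify error 20, the last does not."""
    findings = []
    if norm_dn(cert["issuer"]) != norm_dn(anchor["subject"]):
        findings.append("issuer-dn-mismatch")
    if cert["aki"] and cert["aki"].upper() != anchor["ski"].upper():
        findings.append("aki-ski-mismatch")
    if any(h in (cert["sig_alg"] or "").lower() for h in WEAK_HASHES):
        findings.append("weak-signature-hash")
    return findings
```

To use it on real files, feed `parse_dump` the text output for the issued certificate and fill `ANCHOR` from the subject and Subject Key Identifier of each certificate in the CA file.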