@superseb
Created March 1, 2019 17:16
Generate openssl pss certificate
# Generate RSASSA-PSS private key for CA
# The key size is 2048; the exponent is 65537
openssl genpkey -algorithm rsa-pss -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out CA.priKey
# Generate self-signed RSASSA-PSS CA
openssl req -x509 -new -key CA.priKey -subj "/CN=CA" -sha256 -out CA.cer
# Generate RSASSA-PSS private key for EE
# (the commented-out line is the plain-RSA alternative: an rsaEncryption key whose
# certificate would still carry a PSS signature, because the CA key below is rsa-pss)
#openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out EE.priKey
openssl genpkey -algorithm rsa-pss -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out EE.priKey
# Generate certificate signing request for RSASSA-PSS EE
openssl req -new -key EE.priKey -subj "/CN=rancher.my.org" -sha256 -out EE.csr
# Generate RSASSA-PSS EE based on the above CSR, and sign it with the above RSASSA-PSS CA
openssl x509 -req -CAcreateserial -in EE.csr -sha256 -CA CA.cer -CAkey CA.priKey -out EE.cer
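The following is an added example, not code from superseb's gist. It rebuilds the same CA plus end-entity chain, but with three changes a practitioner will usually want: the PSS parameters (hash, MGF1 hash, salt length) are fixed in the keys themselves with the `rsa_pss_keygen_*` options instead of being left to the signing tool's defaults; `openssl req` is given a minimal self-contained config via `-config`, so the commands do not depend on the build's default openssl.cnf path; and a check function confirms that the certificate and key that came out are actually RSASSA-PSS with the pinned parameters. It needs OpenSSL 1.1.1 or newer (1.0.2 cannot load rsa-pss keys). The function names, the `req.cnf`/`ee.ext` file names and the output directory are assumptions of this example; `rancher.my.org` is the placeholder hostname from the gist.

```shell
#!/bin/sh
# Added example, not part of superseb's gist: build a CA + end-entity chain whose
# keys are restricted RSA-PSS keys, using a minimal config of our own, and check
# the result. Requires OpenSSL 1.1.1+. Function and file names are this
# example's own choices; "rancher.my.org" is the gist's placeholder hostname.
set -eu

# Restricted RSA-PSS key: hash, MGF1 hash and salt length are recorded in the
# key's AlgorithmIdentifier, so OpenSSL refuses to sign with anything else.
# (The gist's keys are unrestricted; there the signing tool's defaults decide.)
gen_pss_key() {
  openssl genpkey -algorithm rsa-pss \
    -pkeyopt rsa_keygen_bits:2048 \
    -pkeyopt rsa_keygen_pubexp:65537 \
    -pkeyopt rsa_pss_keygen_md:sha256 \
    -pkeyopt rsa_pss_keygen_mgf1_md:sha256 \
    -pkeyopt rsa_pss_keygen_saltlen:32 \
    -out "$1"
}

# Smallest config "openssl req" accepts, plus CA extensions: without
# basicConstraints=CA:TRUE, "openssl verify" rejects the root as an invalid CA.
write_req_config() {
  cat > "$1" <<'EOF'
[ req ]
distinguished_name = req_dn
x509_extensions    = v3_ca
[ req_dn ]
[ v3_ca ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
}

# Build CA.cer and EE.cer in directory $1 (the gist's four steps, config-independent).
gen_pss_chain() {
  dir=$1
  mkdir -p "$dir"
  write_req_config "$dir/req.cnf"
  gen_pss_key "$dir/CA.priKey"
  openssl req -x509 -new -config "$dir/req.cnf" -key "$dir/CA.priKey" \
    -subj "/CN=CA" -sha256 -days 365 -out "$dir/CA.cer"
  gen_pss_key "$dir/EE.priKey"
  openssl req -new -config "$dir/req.cnf" -key "$dir/EE.priKey" \
    -subj "/CN=rancher.my.org" -sha256 -out "$dir/EE.csr"
  # Leaf extensions: clients match the hostname against SAN, not CN, and a
  # PSS key can only sign, so keyEncipherment would be meaningless here.
  cat > "$dir/ee.ext" <<'EOF'
basicConstraints = CA:FALSE
keyUsage         = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectAltName   = DNS:rancher.my.org
EOF
  openssl x509 -req -in "$dir/EE.csr" -sha256 -CA "$dir/CA.cer" \
    -CAkey "$dir/CA.priKey" -CAcreateserial -days 365 \
    -extfile "$dir/ee.ext" -out "$dir/EE.cer"
}

# Return 0 only if the chain verifies and the leaf's key and signature are both
# RSASSA-PSS with the pinned parameters; a plain "rsa" key, or a signature made
# by a mismatched older binary, would not pass this.
pss_check() {
  dir=$1
  openssl verify -CAfile "$dir/CA.cer" "$dir/EE.cer" >/dev/null || return 1
  cert_text=$(openssl x509 -in "$dir/EE.cer" -noout -text)
  echo "$cert_text" | grep -q 'Signature Algorithm: rsassaPss' || return 1
  echo "$cert_text" | grep -q 'Public Key Algorithm: rsassaPss' || return 1
  echo "$cert_text" | grep -q 'Salt Length: 0x20' || return 1
  openssl pkey -in "$dir/EE.priKey" -noout -text | grep -q 'RSA-PSS' || return 1
}

# Usage: sh pss-chain.sh ./pss-demo
if [ $# -gt 0 ]; then
  gen_pss_chain "$1"
  pss_check "$1"
  echo "RSASSA-PSS chain in $1 verified"
fi
```

Two things to keep in mind when adapting this. For unrestricted keys like the gist's, the parameters can instead be set per signature on `openssl req` and `openssl x509` with `-sigopt` (for example `-sigopt rsa_pss_saltlen:32`), and `-sigopt rsa_padding_mode:pss` lets an ordinary rsaEncryption key produce PSS signatures. And a certificate whose public key is itself rsassaPss (rather than rsaEncryption) can only be used by TLS peers that support the `rsa_pss_pss_*` signature schemes of RFC 8446, so check client support before deploying such a leaf certificate.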
@ekag-creator
Hi, thanks for this script. When I run the second command here, I get an error:
-sh-4.2$ ./openssl genpkey -algorithm rsa-pss -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out CA.priKey
......................+++++
.....+++++
-sh-4.2$ openssl req -x509 -new -key CA.priKey -subj "/CN=CA" -sha256 -out CA.cer
unable to load Private Key
139960278935440:error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm:p_lib.c:239:
139960278935440:error:0606F076:digital envelope routines:EVP_PKCS82PKEY:unsupported private key algorithm:evp_pkey.c:84:TYPE=rsassaPss
139960278935440:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:141:

@superseb
Author

superseb commented Dec 1, 2020

What is the output of openssl version and what OS are you running it on? I tested it on Ubuntu 18.04 and OpenSSL 1.1.0g 2 Nov 2017 (Library: OpenSSL 1.1.1 11 Sep 2018)

@ekag-creator
-sh-4.2$ ./openssl version
OpenSSL 1.1.1d 10 Sep 2019

@ekag-creator
Sorry, the problem here was that I have two openssl binaries in the same setup, one 1.0.2 and the other 1.1.1, and I used 1.0.2 for the second command.

@ekag-creator
Hi, I need one more piece of info here: in this you are passing rsa-pss, but how does it decide the PSSParameters?

@3ddministrator
3ddministrator commented Nov 11, 2021

Good day,

I have similar problems with the second command.

openssl req -x509 -new -key CA.priKey -subj "/CN=CA" -sha256 -out CA.cer
Can't open C:\ci\openssl_1587479240221_h_env\Library/openssl.cnf for reading, No such file or directory
11040:error:02001003:system library:fopen:No such process:crypto\bio\bss_file.c:69:fopen('C:\ci\openssl_1587479240221_h_env\Library/openssl.cnf','r')
11040:error:2006D080:BIO routines:BIO_new_file:no such file:crypto\bio\bss_file.c:76:

Is this approach still up to date? I am using version OpenSSL 1.1.1g 21 Apr 2020.

Are there other instructions for creating an RSA-PSS certificate?

@superseb
Author

@3ddministrator can you share the exact OS you are using? This is still valid, just tested on Ubuntu 20.04.

@mspncp
mspncp commented Apr 8, 2022

I have similar problems with the second command.

Your problem is not similar. It is simple: 😉

openssl req -x509 -new -key CA.priKey -subj "/CN=CA" -sha256 -out CA.cer
Can't open C:\ci\openssl_1587479240221_h_env\Library/openssl.cnf for reading, No such file or directory
11040:error:02001003:system library:fopen:No such process:crypto\bio\bss_file.c:69:fopen('C:\ci\openssl_1587479240221_h_env\Library/openssl.cnf','r')
11040:error:2006D080:BIO routines:BIO_new_file:no such file:crypto\bio\bss_file.c:76:
