openssl has no -sha256 option

I need to generate a CSR for a product running on my SLES 11 SP4 server. When I try the openssl command to generate a CSR it only allows sha1 and no -ssh256 is available.

How do I get this to work? I have enabled the security module and done a zypper up with no luck. Even tried adding openssl1.

Please help.

On 08/12/16 17:04, rob collins wrote:
> I need to generate a CSR for a product running on my SLES 11 SP4 server.
> When I try the openssl command to generate a CSR it only allows sha1 and
> no -ssh256 is available.

I presume “-ssh256” above is a typo and you mean “-sha256”?

> How do I get this to work? I have enabled the security module and done a
> zypper up with no luck. Even tried adding openssl1.

By your reference to “openssl1” above do you mean “openssl1 -sha256”
doesn’t work?

I don’t have a SLES11 SP4 server to hand but can install a virtual one
tomorrow if necessary.

HTH.

Simon
SUSE Knowledge Partner


If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.

Hi Simon,

That is correct yes. When I run openssl1 or openssl with the option -sha256 included for creating a sha256 csr as the default “openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr” creates a SHA1 CSR and I need a CSR2 so the documentation says add the -sha256 option “openssl req -new -sha256 -key www.mydomain.com.key -out www.mydomain.com.csr” just brings up the help for openssl showing that -sha256 does not exist.

Thanks,
Rob

On 09/12/16 08:04, rob collins wrote:
> That is correct yes. When I run openssl1 or openssl with the option
> -sha256 included for creating a sha256 csr as the default “openssl req
> -new -key www.mydomain.com.key -out www.mydomain.com.csr” creates a SHA1
> CSR and I need a CSR2 so the documentation says add the -sha256 option
> “openssl req -new -sha256 -key www.mydomain.com.key -out
> www.mydomain.com.csr” just brings up the help for openssl showing that
> -sha256 does not exist.

Hmm I have now installed a test SLES11 SP4 server with Security Module
enabled and the openssl1 package installed and it seems I am able to
create requests with ‘-sha256’. Basically I’m using your command above
but with ‘-newkey rsa:2048 -keyout’ instead of ‘-key’ (to create new
rather than use an existing since I don’t have one) - command I used was
‘openssl req -new -sha256 -newkey rsa:2048 -keyout example.key -out
example.csr’.

Note I don’t get an error whether using openssl or openssl1 command.

Using ‘openssl req -text -noout -verify -in example.csr’ shows
‘Signature Algorithm: sha256WithRSAEncryption’

Could it be that your key is not using RSA encryption and that’s why
it’s failing?

Since server was freshly installed it is fully patched:

openssl-0.9.8j-0.102.2
openssl1-1.0.1g-0.52.1

HTH.

Simon
SUSE Knowledge Partner



Brilliant thanks Simon.

That worked.
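
The steps from Simon's reply (create the request with `-sha256`, then confirm the result with `openssl req -text -noout -verify`), as an added shell example that is not part of any post in this thread. It assumes the binary is named in `OPENSSL` (`openssl`, or `openssl1` on SLES 11 SP4 with the Security Module), adds `-nodes` and `-subj` so nothing is prompted for, and uses a constructed subject.

```shell
#!/bin/sh
# Added example, not from the thread. OPENSSL selects the binary: "openssl", or
# "openssl1" on SLES 11 SP4 with the Security Module (assumption: it is on PATH).
OPENSSL="${OPENSSL:-openssl}"

# Create a new RSA 2048 key and a CSR signed with SHA-256.
# -nodes and -subj are added here so the command runs without prompts.
# $1 = key file to write, $2 = CSR file to write, $3 = subject DN
make_sha256_csr() {
    ( umask 077   # -nodes leaves the key unencrypted: keep it owner-only
      "$OPENSSL" req -new -sha256 -newkey rsa:2048 -nodes \
          -keyout "$1" -out "$2" -subj "$3" 2>/dev/null )
}

# Print the "Signature Algorithm" value that "req -text" shows for CSR file $1.
csr_sigalg() {
    "$OPENSSL" req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeed only if CSR $1 parses, its self-signature verifies, and it is
# signed with SHA-256 over RSA (so a SHA-1 request is rejected before submission).
csr_is_sha256_rsa() {
    "$OPENSSL" req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    [ "$(csr_sigalg "$1")" = "sha256WithRSAEncryption" ]
}

# Demo with a constructed subject; files go to a throwaway directory.
demo() {
    dir=$(mktemp -d) || return 1
    make_sha256_csr "$dir/example.key" "$dir/example.csr" "/CN=www.example.com" &&
        csr_is_sha256_rsa "$dir/example.csr"
    rc=$?
    echo "signature algorithm: $(csr_sigalg "$dir/example.csr")"
    rm -rf "$dir"
    return $rc
}

demo
```

To test both binaries on the same host, run the script once as is and once with `OPENSSL=openssl1` set in the environment.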