Creating an X25519 client certificate
Robert Moskowitz
rgm at htt-consult.com
Wed Mar 17 21:50:41 UTC 2021
I have created my X25519 pub/priv keypair with:
    openssl genpkey -algorithm X25519 \
        -out $dir/private/$clientemail-X.key.$format
And it displays properly with:
    openssl pkey -in $dir/private/$clientemail-X.key.$format -text -noout
So now to make the csr with:
    openssl req -config $dir/openssl-intermediate.cnf \
        -key $dir/private/$clientemail-X.key.$format \
        -subj "$DN" -new -out $dir/csr/$clientemail-X.csr.$format
which is what I used for ED25519 client certs. But I get an error:
    140487683954496:error:0608D096:digital envelope routines:EVP_PKEY_sign_init:operation not supported for this keytype:crypto/evp/pmeth_fn.c:39:
I can't figure out from my config file why this error occurs, and googling the
error has not helped. Yet.
Can someone point me to what I am missing?
Oh, and I am ASSuMEing that a CA cert of ED25519 signs an X25519 client
cert. Haven't found instructions on this, but it seems reasonable...
thanks
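
Added example, not part of the original post: X25519 is a key-agreement algorithm with no signing operation, so `openssl req` cannot self-sign a CSR with such a key, which is the operation named in the error above. One way to still issue the certificate from an Ed25519 CA is a carrier CSR signed by a throwaway Ed25519 key plus `openssl x509 -req -force_pubkey`. The config, file names and subjects below are constructed for this example.

```shell
#!/bin/sh
# Added example; every file name, subject and config value here is constructed.

issue_x25519_cert() {    # $1 = existing scratch directory
    d=$1
    cat > "$d/min.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[client]
keyUsage = critical,keyAgreement
EOF
    # Ed25519 test CA (self-signed).
    openssl genpkey -algorithm ED25519 -out "$d/ca.key" &&
    openssl req -x509 -new -config "$d/min.cnf" -key "$d/ca.key" \
        -subj "/CN=Example Test CA" -days 30 -out "$d/ca.crt" &&
    # The X25519 key pair that the certificate will carry.
    openssl genpkey -algorithm X25519 -out "$d/client-X.key" &&
    openssl pkey -in "$d/client-X.key" -pubout -out "$d/client-X.pub" &&
    # Carrier CSR: supplies the subject, signed by a throwaway Ed25519 key.
    openssl genpkey -algorithm ED25519 -out "$d/carrier.key" &&
    openssl req -new -config "$d/min.cnf" -key "$d/carrier.key" \
        -subj "/CN=client@example.test" -out "$d/carrier.csr" &&
    # The CA signs, replacing the carrier's public key with the X25519 one.
    openssl x509 -req -in "$d/carrier.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -force_pubkey "$d/client-X.pub" \
        -extfile "$d/min.cnf" -extensions client -days 30 \
        -out "$d/client-X.crt"
}

# Succeeds only if OpenSSL will sign a CSR with the X25519 key (it should not).
# Call after issue_x25519_cert on the same directory.
x25519_can_sign_csr() {
    openssl req -new -config "$1/min.cnf" -key "$1/client-X.key" \
        -subj "/CN=client@example.test" -out "$1/client-X.csr" 2>/dev/null
}

work=$(mktemp -d) && issue_x25519_cert "$work" &&
    openssl verify -CAfile "$work/ca.crt" "$work/client-X.crt" &&
    { x25519_can_sign_csr "$work" || echo "X25519 key cannot sign a CSR"; }
```

The carrier key is discarded after issuance, so the CA needs some other evidence that the requester holds the X25519 private key, since the CSR signature no longer proves it.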