[openssl-users] ed25519 self-signed root cert

Robert Moskowitz rgm at htt-consult.com
Fri Jul 27 14:36:47 UTC 2018

genpkey worked without those options.  I am going to have to look at the 
RFC again, as there are different types of ed25519 certs, but how will 
that work out in openssl?  I will have to remember back to a 
conversation at had at IETF 100...

Anyway error on the next step:

# openssl req -config $dir/openssl-root.cnf\
 >      -set_serial 0x$(openssl rand -hex $sn)\
 >      -keyform pem -outform pem\
 >      -key $dir/private/ca.key.pem -subj "$DN"\
 >      -new -x509 -days 7300 -extensions v3_ca\
 >      -out $dir/certs/ca.cert.pem
Enter pass phrase for /root/ca/private/ca.key.pem:
3064983568:error:1010F08A:elliptic curve routines:pkey_ecd_ctrl:invalid 
digest type:crypto/ec/ecx_meth.c:801:

where dir=/root/ca

More information about the openssl-users mailing list