[openssl-users] CSR verify failure

Michael Wojcik Michael.Wojcik at microfocus.com
Mon Mar 26 16:59:07 UTC 2018

OK, I see the verify error with the CSR you sent, so it's an issue with creating the CSR, not with verifying it.

Beyond that I don't see the issue, but I'd have to debug it (or decrypt the signature manually) to see what exactly the problem is. OpenSSL is complaining that it expects the signature to use PKCS#1 type 1 padding, but the block-type byte doesn't have value 1, i.e. PKCS#1 v1.5 padding.

I don't know why openssl req -new on your system might have generated a signature with some other type of padding. openssl req doesn't appear to honor -sigopt rsa_padding_mode, for example; I just tried it, and it didn't produce an error, but didn't seem to have any effect either.

Michael Wojcik 
Distinguished Engineer, Micro Focus 
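
The manual check mentioned in the message above (recover the signature block with the public key, then look at its block-type byte), as an added example that is not part of the original post or of OpenSSL. The toy key, the SHA-256 digest choice and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes; for illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2 notes)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode_block(msg: bytes, block_type: int = 1) -> bytes:
    """Build 00 || BT || PS || 00 || DigestInfo; block_type is a parameter
    only so a malformed sample signature can be constructed for the check."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return bytes([0, block_type]) + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign(msg: bytes, block_type: int = 1) -> bytes:
    em = int.from_bytes(encode_block(msg, block_type), "big")
    return pow(em, D, N).to_bytes(K, "big")


def recover_block(sig: bytes) -> bytes:
    """The 'decrypt the signature manually' step: s^e mod n, left-padded to K bytes."""
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")


def check_block(em: bytes, msg: bytes) -> str:
    """Walk the recovered block and report the first structural problem."""
    if em[0] != 0x00:
        return "leading byte is not 00"
    if em[1] != 0x01:
        return f"block type is {em[1]:02x}, expected 01"
    sep = em.find(b"\x00", 2)
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        return "padding string is not at least 8 bytes of ff"
    if em[sep + 1:] != SHA256_PREFIX + hashlib.sha256(msg).digest():
        return "DigestInfo does not match"
    return "ok"
```

Running `check_block(recover_block(sig), data)` on a signature whose second byte is not `01` reports the block-type mismatch, which is the condition OpenSSL complained about here.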
