[openssl-users] CSR verify failure
Michael Wojcik
Michael.Wojcik at microfocus.com
Mon Mar 26 16:59:07 UTC 2018
OK, I see the verify error with the CSR you sent, so it's an issue with creating the CSR, not with verifying it.
Beyond that I don't see the issue, but I'd have to debug it (or decrypt the signature manually) to see what exactly the problem is. OpenSSL is complaining that it expects the signature to use PKCS#1 type 1 padding, but the block-type byte doesn't have value 1, i.e. PKCS#1 v1.5 padding.
I don't know why openssl req -new on your system might have generated a signature with some other type of padding. openssl req doesn't appear to honor -sigopt rsa_padding_mode, for example; I just tried it, and it didn't produce an error, but didn't seem to have any effect either.
--
Michael Wojcik
Distinguished Engineer, Micro Focus
More information about the openssl-users
mailing list