x509v3-sign-rsa, x509v3-ssh-rsa and x509v3-rsa2048-sha256

murugesh pitchaiah murugesh.pitchaiah at gmail.com
Tue Aug 24 07:47:25 UTC 2021


I am working on generating the x509v3 certificates for ssh user. I see
with the default_md as 'sha256', in openssl.cnf file, the
key/certificate is generated with algorithm type as 'x509v3-sign-rsa'.

I see its signature algorithm is :

    Signature Algorithm: sha256WithRSAEncryption
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)

Can any one please share how to generate certificate for
x509v3-ssh-rsa and x509v3-rsa2048-sha256 ? Basically looking for
difference between these three type of public key algorithms ,and how
to generate certificate of these types:

x509v3-sign-rsa, x509v3-ssh-rsa and x509v3-rsa2048-sha256

Because, even for x509v3-sign-rsa - I see the size is 2048 bit and it
is sha256. Is it something to vary in 'default_md' (or newkey rsa:size
 and -sha) fields to vary to generate these different cert types ?

Thanks in advance.

Murugesh P.

More information about the openssl-users mailing list