Hello,
I have been using your lib for creating and signing certificates in my application.
I have come across an issue with signing a certificate. I have a root certificate that was created with OpenSSL commands.
Its private key and public key are created with RSA with 2048 block size. Signature is sha256WithRSAEncryption. The certificate is also self-signed.
I am using this root certificate to re-sign a certificate I create in the application. Everything goes OK. The signature is created. I checked the signed info with SecKeyRawVerify, which does not return an error. When I use OpenSSL to verify the certificate, I receive an error (error 7 at 0 depth lookup:certificate signature failure). Command used: openssl verify -CAfile CA-cert.pem site.pem.
Do you have any idea why this happens?
Thank you.
Root certificate:
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 16706555744681512011 (0xe7d99bef4600cc4b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: O=infinum, CN=maroje cn
Validity
Not Before: Sep 14 12:37:30 2020 GMT
Not After : Jun 11 12:37:30 2023 GMT
Subject: O=infinum, CN=maroje cn
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
Resigned certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 622126949255 (0x90d9a7e387)
Signature Algorithm: sha256WithRSAEncryption
Issuer: O=infinum, CN=maroje cn
Validity
Not Before: Sep 16 00:00:00 2020 GMT
Not After : Jan 1 00:00:00 2060 GMT
Subject: O=0D0622AA-8F3A-477A-97B8-EC26D46AF222, CN=Site CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
Signature Algorithm: sha256WithRSAEncryption
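The signature check behind error 7 can be reproduced outside OpenSSL. The following is an added example, not part of the original report or of the library's code: a stdlib-only Python check for sha256WithRSAEncryption that splits a DER certificate, recovers the encoded message from the signature with the issuer's public key, and reports whether it covers the full DER TBSCertificate. The toy 511-bit key, the stand-in TBS and the `issue`, `encode_em` and `diagnose` helpers are constructed for this demonstration.

```python
import hashlib

# Constructed toy issuer key from two well-known primes (demo only, far too small for real use).
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256, RFC 8017
SIG_ALG = bytes.fromhex("300d06092a864886f70d01010b0500")  # sha256WithRSAEncryption

def tlv(tag, body):  # short-form DER length only, enough for the toy certificate
    return bytes([tag, len(body)]) + body

def read_tlv(der, off):
    """Return (header_len, body_len) of the DER element at off."""
    n = der[off + 1]
    if n < 0x80:
        return 2, n
    return 2 + (n & 0x7F), int.from_bytes(der[off + 2:off + 2 + (n & 0x7F)], "big")

def split_certificate(cert):
    """Return (tbs_der, signature) from Certificate ::= SEQUENCE {tbs, sigAlg, BIT STRING}."""
    off, parts = read_tlv(cert, 0)[0], []
    for _ in range(3):
        h, b = read_tlv(cert, off)
        parts.append(cert[off:off + h + b])        # full TLV, header included
        off += h + b
    return parts[0], parts[2][read_tlv(parts[2], 0)[0] + 1:]  # drop unused-bits octet

def encode_em(data, n):
    """EMSA-PKCS1-v1_5 for modulus n: 00 01 FF.. 00 || DigestInfo || SHA-256(data)."""
    k, t = (n.bit_length() + 7) // 8, DIGESTINFO + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def issue(tbs, signed_bytes):
    """Constructed signer: Certificate around tbs, signature computed over signed_bytes."""
    em = encode_em(signed_bytes, N)
    sig = pow(int.from_bytes(em, "big"), D, N).to_bytes(len(em), "big")
    return tlv(0x30, tbs + SIG_ALG + tlv(0x03, b"\x00" + sig))

def diagnose(cert, n=N, e=E):
    """Recover the encoded message from the signature and report what it covers."""
    tbs, sig = split_certificate(cert)
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes((n.bit_length() + 7) // 8, "big")
    if em == encode_em(tbs, n):
        return "ok"
    if em == encode_em(tbs[read_tlv(tbs, 0)[0]:], n):
        return "signed TBS body without its SEQUENCE header"
    return "signature does not cover this TBSCertificate"

TBS = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x0C, b"Site CA"))  # constructed stand-in TBS
GOOD, BAD = issue(TBS, TBS), issue(TBS, TBS[2:])             # BAD hashes the body only
```

To check a real pair, pass the DER bytes of the signed certificate together with the issuer's modulus and exponent to `diagnose`.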