SHA-256 and Converting the Cryptographic Service Provider Type


dokumenta
ComponentSpace - Wednesday, August 31, 2016
Thanks. I get the same issue as you. I suspect there's something different about the format of these files.
I'll take a closer look at this as soon as I can.
However, you might be better to generate a new PFX file using makecert as described in our Developer Guide PDF.

Thank you for your effort.

Our vendor requires certificates in this format; this is the main problem because it's an integration enterprise project.

We tried to use some open source WebSSO frameworks, but in all of them we were missing some features, hence our final choice is to use your product because we also need some support.

Please let me know if you find something new.


 
ComponentSpace
I've tried to reproduce the issue with certificates I've generated but with no luck.
There must be something different about your PFX file which then causes issues for openssl.
As this is a self-signed certificate, I suggest that you generate another certificate.
This is described in the Generating Test X.509 Certificates forum topic.
For example, the following command generates a self-signed certificate with a 2048 bit key, that's signed using SHA-512 and that specifies the type 24 cryptographic service provider. This is saved into the Windows certificate store for the current user. 


makecert -r -pe -sky exchange -n "cn=www.idp.com" -ss My -sy 24 -len 2048 -a sha512


You would then export the certificate from the Windows certificate store as a PFX file using the Microsoft Management Console's Certificates snap-in. Simply run mmc from the command prompt.




Regards
ComponentSpace Development
dokumenta
ComponentSpace - Wednesday, August 31, 2016
I've tried to reproduce the issue with certificates I've generated but with no luck.
There must be something different about your PFX file which then causes issues for openssl.
As this is a self-signed certificate, I suggest that you generate another certificate.
This is described in the Generating Test X.509 Certificates forum topic.
For example, the following command generates a self-signed certificate with a 2048 bit key, that's signed using SHA-512 and that specifies the type 24 cryptographic service provider. This is saved into the Windows certificate store for the current user. 


makecert -r -pe -sky exchange -n "cn=www.idp.com" -ss My -sy 24 -len 2048 -a sha512


You would then export the certificate from the Windows certificate store as a PFX file using the Microsoft Management Console's Certificates snap-in. Simply run mmc from the command prompt.



Thank you, I will try it and let you know.
ComponentSpace
Thanks.

Regards
ComponentSpace Development
dokumenta
ComponentSpace - Friday, September 2, 2016
Thanks.

Problem is solved. Thank you.
ComponentSpace
You're welcome.

Regards
ComponentSpace Development
khemo

When I run these commands, it creates the wrong name!
It creates "Provider = Microsoft Enhanced Cryptographic Provider v1.0" instead of "Microsoft Enhanced RSA and AES Cryptographic Provider".

What could I be doing wrong? What do I need to do differently?

(Note in the example below I've replaced the real values with abc, xyz, etc)

c:\Program Files (x86)\GnuWin32\bin>openssl pkcs12 -export -in C:\x.pem -out C:\y.pfx -CSP "Microsoft  Enhanced RSA and AES Cryptographic Provider"
Loading 'screen' into random state - done
Enter pass phrase for C:\x.pem:
Enter Export Password:
Verifying - Enter Export Password:
 
c:\Program Files (x86)\GnuWin32\bin>certutil -store my z
my
================ Certificate 0 ================
Serial Number: a
Issuer: CN=b
  NotBefore: 11/10/2016 1:22 PM
 NotAfter: 11/10/2018 1:22 PM
Subject: CN=c
Non-root Certificate
Template: d
Cert Hash(sha1): e
   Key Container = f
   Provider = Microsoft Enhanced Cryptographic Provider v1.0
Private key is NOT exportable
Encryption test passed
CertUtil: -store command completed successfully.
 

ComponentSpace
I suspect you're using a version of openssl that doesn't support specifying the CSP.
We use the Shining Light Productions openssl. We're currently using:
OpenSSL 1.1.0c 10 Nov 2016
The latest 64-bit Windows non-light installer at Shining Light Productions OpenSSL Installers is known to work.


Regards
ComponentSpace Development
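
Added example, not part of the original thread or ComponentSpace's code: a Python check over `certutil -store` output that reports which certificates have their key in the type 24 provider the thread asks for. The listing is constructed, modelled on the output posted above, and the name-to-type table is written out here from the standard Microsoft provider names.

```python
import re

# Provider names and their CryptoAPI provider types. Type 24 (PROV_RSA_AES)
# is the one requested with "-sy 24" above; the type 1 providers cannot
# produce SHA-256 signatures.
PROVIDER_TYPES = {
    "Microsoft Base Cryptographic Provider v1.0": 1,
    "Microsoft Enhanced Cryptographic Provider v1.0": 1,
    "Microsoft Strong Cryptographic Provider": 1,
    "Microsoft Enhanced RSA and AES Cryptographic Provider": 24,
}

# Constructed sample modelled on the certutil -store listing posted above.
SAMPLE = """\
================ Certificate 0 ================
Serial Number: 01
Subject: CN=old-key
  Key Container = container-a
  Provider = Microsoft Enhanced Cryptographic Provider v1.0
Private key is NOT exportable
================ Certificate 1 ================
Serial Number: 02
Subject: CN=new-key
  Key Container = container-b
  Provider = Microsoft Enhanced RSA and AES Cryptographic Provider
"""

BANNER = re.compile(r"^=+ Certificate \d+ =+\s*$", flags=re.M)

def audit_providers(certutil_output):
    """Return one (subject, provider, provider_type, ok) tuple per certificate."""
    results = []
    # Split on the "==== Certificate N ====" banners; the first chunk is preamble.
    for block in BANNER.split(certutil_output)[1:]:
        subject = re.search(r"^Subject:\s*(.+?)\s*$", block, flags=re.M)
        provider = re.search(r"^\s*Provider\s*=\s*(.+?)\s*$", block, flags=re.M)
        name = provider.group(1) if provider else None  # None: no private key listed
        ptype = PROVIDER_TYPES.get(name)                # None: provider not in table
        results.append((subject.group(1) if subject else "?", name, ptype, ptype == 24))
    return results

if __name__ == "__main__":
    for subject, name, ptype, ok in audit_providers(SAMPLE):
        print(f"{'OK ' if ok else 'FIX'} {subject}: {name} (type {ptype})")
```

To use it on a real store, pipe the output of `certutil -store my` (or `certutil -user -store my`) into a file and pass its contents to `audit_providers`.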