https://community.nxp.com/t5/Secure-Authentication/SE05x-certificate-sign-request-with-Sectigo/m-p/1580879#M1110 <P>I'm trying to generate a valid CSR with the SE05x, but the CSR seems to have an invalid signature according to the online CRC checker&nbsp;<A href="https://redkestrel.co.uk/products/decoder/" target="_blank">https://redkestrel.co.uk/products/decoder/</A>&nbsp;</P><P>Here's what I do:&nbsp;</P><P>sscli erase 0x1234<BR />ssscli generate ecc 0x1234 NIST_P256<BR />ssscli refpem ecc pair 0x1234 aci200.ref.key --format PEM<BR />openssl req -new -key aci200.ref.key -out <STRONG>aci200.csr</STRONG> -config aci200.cnf<BR /><BR /></P><P>This is the result of the CSR check:&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="wyss11_0-1673444164369.png" style="width: 359px;"><img src="https://community.nxp.com/t5/image/serverpage/image-id/206908iD8311FB2069056CB/image-dimensions/359x135?v=v2" width="359" height="135" role="button" title="wyss11_0-1673444164369.png" alt="wyss11_0-1673444164369.png" /></span></P><UL><LI>What could be the problem with my CSR file?&nbsp;&nbsp;</LI><LI>Could it be because I generated the CSR with the private key reference file?</LI><LI>The CSR file is attached (rename it to aci200.csr)&nbsp;</LI></UL><P>Thanks, Stefan</P> Wed, 11 Jan 2023 13:42:59 GMT wyss-11 2023-01-11T13:42:59Z https://community.nxp.com/t5/Secure-Authentication/SE05x-certificate-sign-request-with-Sectigo/m-p/1580879#M1110 <P>I'm trying to generate a valid CSR with the SE05x, but the CSR seems to have an invalid signature according to the online CRC checker&nbsp;<A href="https://redkestrel.co.uk/products/decoder/" target="_blank">https://redkestrel.co.uk/products/decoder/</A>&nbsp;</P><P>Here's what I do:&nbsp;</P><P>sscli erase 0x1234<BR />ssscli generate ecc 0x1234 NIST_P256<BR />ssscli refpem ecc pair 0x1234 aci200.ref.key --format PEM<BR />openssl req -new -key aci200.ref.key -out <STRONG>aci200.csr</STRONG> -config aci200.cnf<BR /><BR /></P><P>This is the result of the CSR check:&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="wyss11_0-1673444164369.png" style="width: 359px;"><img src="https://community.nxp.com/t5/image/serverpage/image-id/206908iD8311FB2069056CB/image-dimensions/359x135?v=v2" width="359" height="135" role="button" title="wyss11_0-1673444164369.png" alt="wyss11_0-1673444164369.png" /></span></P><UL><LI>What could be the problem with my CSR file?&nbsp;&nbsp;</LI><LI>Could it be because I generated the CSR with the private key reference file?</LI><LI>The CSR file is attached (rename it to aci200.csr)&nbsp;</LI></UL><P>Thanks, Stefan</P> Wed, 11 Jan 2023 13:42:59 GMT https://community.nxp.com/t5/Secure-Authentication/SE05x-certificate-sign-request-with-Sectigo/m-p/1580879#M1110 wyss-11 2023-01-11T13:42:59Z https://community.nxp.com/t5/Secure-Authentication/SE05x-certificate-sign-request-with-Sectigo/m-p/1581540#M1117 <P>Hi&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/194626">@wyss-11</a>&nbsp;,</P> <P>&nbsp;</P> <P>Have you enabled the openssl engine? This engine is used to decode the key&nbsp;<SPAN>references </SPAN> and&nbsp;<SPAN>invokes the SSS API with correct Key references for a cryptographic operation.&nbsp; Please kindly refer to the doc of "simw-top/doc/sss/plugin/openssl/scripts/readme.html" for more details.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Hope that helps,</SPAN></P> <P>&nbsp;</P> <P>Have a great day,<BR />Kan</P> <P><BR />-------------------------------------------------------------------------------<BR />Note:<BR />- If this post answers your question, please click the "Mark Correct" button. Thank you!<BR />- We are following threads for 7 weeks after the last post, later replies are ignored<BR />Please open a new thread and refer to the closed one, if you have a related question at a later point in time.<BR />-------------------------------------------------------------------------------</P> Thu, 12 Jan 2023 08:19:44 GMT https://community.nxp.com/t5/Secure-Authentication/SE05x-certificate-sign-request-with-Sectigo/m-p/1581540#M1117 Kan_Li 2023-01-12T08:19:44Z https://community.nxp.com/t5/Secure-Authentication/SE05x-certificate-sign-request-with-Sectigo/m-p/1581756#M1119 <P>Thanks for the DOC pointer.&nbsp;Yes, I can successfully run&nbsp;the example scripts from the script folder. My OPENSSL_CONF is according to the readme.html.&nbsp;</P><P>So there seems to be another problem with the generated certificate in the example above?&nbsp;</P><P>Can you try to recreate my problem with your SE05x setup by entering my above listed commands and checking the resulting CSR with the online-tool link that I have provided?&nbsp;</P> Thu, 12 Jan 2023 13:42:47 GMT https://community.nxp.com/t5/Secure-Authentication/SE05x-certificate-sign-request-with-Sectigo/m-p/1581756#M1119 wyss-11 2023-01-12T13:42:47Z https://community.nxp.com/t5/Secure-Authentication/SE05x-certificate-sign-request-with-Sectigo/m-p/1581798#M1120 <P>Well, out of nowhere, the invalid signature error disappeared when I re-generated the aci200.csr file. I don't know the reason for that, but my new aci200.csr is now accepted by the online CSR verification tool.&nbsp;</P><P>Thanks for your help!</P> Thu, 12 Jan 2023 14:45:21 GMT https://community.nxp.com/t5/Secure-Authentication/SE05x-certificate-sign-request-with-Sectigo/m-p/1581798#M1120 wyss-11 2023-01-12T14:45:21Z