帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

SE05x certificate sign request with Sectigo

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决
跳至解决方案

SE05x certificate sign request with Sectigo

跳至解决方案
‎01-11-2023 06:42 AM
941 次查看
wyss-11
Contributor III

I'm trying to generate a valid CSR with the SE05x, but the CSR seems to have an invalid signature according to the online CRC checker https://redkestrel.co.uk/products/decoder/ 

Here's what I do: 

sscli erase 0x1234
ssscli generate ecc 0x1234 NIST_P256
ssscli refpem ecc pair 0x1234 aci200.ref.key --format PEM
openssl req -new -key aci200.ref.key -out aci200.csr -config aci200.cnf

This is the result of the CSR check: 

wyss11_0-1673444164369.png

  • What could be the problem with my CSR file?  
  • Could it be because I generated the CSR with the private key reference file?
  • The CSR file is attached (rename it to aci200.csr) 

Thanks, Stefan

标签 (1)
标签
标记 (3)
预览文件
1 KB
0 项奖励
回复
1 解答

跳至解决方案
‎01-12-2023 07:45 AM
928 次查看
wyss-11
Contributor III

Well, out of nowhere, the invalid signature error disappeared when I re-generated the aci200.csr file. I don't know the reason for that, but my new aci200.csr is now accepted by the online CSR verification tool. 

Thanks for your help!

在原帖中查看解决方案

回复
3 回复数

跳至解决方案
‎01-12-2023 07:45 AM
929 次查看
wyss-11
Contributor III

Well, out of nowhere, the invalid signature error disappeared when I re-generated the aci200.csr file. I don't know the reason for that, but my new aci200.csr is now accepted by the online CSR verification tool. 

Thanks for your help!

回复

跳至解决方案
‎01-12-2023 06:42 AM
928 次查看
wyss-11
Contributor III

Thanks for the DOC pointer. Yes, I can successfully run the example scripts from the script folder. My OPENSSL_CONF is according to the readme.html. 

So there seems to be another problem with the generated certificate in the example above? 

Can you try to recreate my problem with your SE05x setup by entering my above listed commands and checking the resulting CSR with the online-tool link that I have provided? 

0 项奖励
回复

跳至解决方案
‎01-12-2023 01:19 AM
933 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @wyss-11 ,

 

Have you enabled the openssl engine? This engine is used to decode the key references and invokes the SSS API with correct Key references for a cryptographic operation.  Please kindly refer to the doc of "simw-top/doc/sss/plugin/openssl/scripts/readme.html" for more details.

 

Hope that helps,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 项奖励
回复