According to this serverfault answer the default message digest for openssl 1.0 is MD5. My openssl.cnf file has default_md set to default.

I generated a certificate using openssl 1.0.0:

```
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 360
```

When I query the cert I see:

```
Signature Algorithm: sha1WithRSAEncryption
Public Key Algorithm: rsaEncryption
```

How can I query the cert to show what the message digest is? Or how can I determine what the default_md is other than the openssl doc?

abalone

1 Answer

You can test the default digest algorithm by running the digest command:

```
openssl dgst testfile
```

It probably starts with `MD5(`. I believe the default digest algorithm varies with the way it is used, however.

The only digest function you need to worry about with your cert is the one listed in the signature algorithm. sha1WithRSAEncryption means it used sha-1 as the digest algorithm and signed that hash with RSA.

Andrew Domaszek
  • Why did it use sha-1 as the digest algorithm when the default_md is MD5? When I do openssl dgst it is indeed MD5 so I'm confused why it lists sha-1 as the digest algorithm. – abalone Dec 25 '15 at 01:42
  • The default for `dgst` is not the default for `req` and `ca` – dave_thompson_085 Jul 20 '20 at 07:27