Certificates that work on RHEL 7 cannot be verified on RHEL 8

Solution Verified - Updated -

Issue

  • Certificates created by a Certificate Authority (CA) cannot be successfully verified on RHEL 8 while there are no issues on RHEL 7.
  • RHEL 7

    # openssl verify -verbose -CAfile cacert.crt example.crt 
    example.crt: OK
    
  • RHEL 8

    # openssl verify -verbose -CAfile=cacert.crt example.crt
    C = GB, O = Example Ltd., OU = Example Ltd. Certificates, CN = Example Certificate
    error 7 at 0 depth lookup: certificate signature failure
    error example.crt: verification failed
    140449106233152:error:04091068:rsa routines:int_rsa_verify:bad signature:crypto/rsa/rsa_sign.c:228:
    140449106233152:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:crypto/asn1/a_verify.c:179:
    

Environment

  • Red Hat Enterprise Linux 8
  • openssl-1.1.1

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content