0

I tried generating a CSR by following Heroku instructions. Specifically 

openssl genrsa -des3 -out server.pass.key 2048
openssl rsa -in server.pass.key -out server.key
openssl req -nodes -new -key server.key -out server.csr
# input data here

I get the following error:

140509003069088:error:04075070:rsa routines:RSA_sign:digest too big for rsa key:rsa_sign.c:127:
140509003069088:error:0D0DC006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib:a_sign.c:314:

I am using openssl version:

OpenSSL> version
OpenSSL 1.0.1f 6 Jan 2014

What am I doing wrong?

GregPK
  • 117
  • 1
  • 3
  • At what point do you get the error? You can omit the second command by simply providing no password. Also, req can also create the key, resulting in a one-liner. – sebix Jul 21 '15 at 11:15
  • @sebix Getting the error after the call to `req`. I have virtually zero idea about what I'm doing so I did not want to stray from the path that heroku has suggested – GregPK Jul 21 '15 at 20:03

3 Answers3

1

I had the same problem, that was caused by placing 256 in the commands where the key size is required. Worked typing 1024, in yours is 2048

Jorge
  • 11
  • 1
0

While this is very interesting, I just ended up switching to a different machine (same openssl version). Worked like a charm. Also worked on 2 others I've tried.

So solution: switch to another machine.

GregPK
  • 117
  • 1
  • 3
0

I had this happen when I mistyped the key length for a previous command. e.g., '409' bits instead of '4096' - 

openssl genrsa -out key.pem 409
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
(error)

vs. 

openssl genrsa -out key.pem 4096
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
(success)

So maybe try backing up a few steps and make sure all your previous commands were entered correctly.

evan_b
  • 101
  • 2