Create a self-signed X.509 certificate as follows

# cat extensions.cnf
extensions = x509v3

[ x509v3 ]
basicConstraints = CA:TRUE
keyUsage = keyCertSign, cRLSign
extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection, timeStamping
subjectKeyIdentifier = hash
crlDistributionPoints = URI:https://...

# openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ca.key.pwd -outform PEM -aes-256-cbc -pass pass:test
# openssl rsa -in ca.key.pwd -out ca.key -passin pass:test
# openssl req -new -nodes -key ca.key -sha256 -out ca.csr
# openssl req -in ca.csr -noout -text

The CSR looks like

Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: ...
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    ...
                Exponent: 65537 (0x10001)
        Attributes:
            challengePassword        :unable to print attribute
    Signature Algorithm: sha256WithRSAEncryption
         ...

Proceed with creating the certificate

# openssl x509 -req -set_serial 0 -days 3650 -in ca.csr -signkey ca.key -out ca.pem -extfile extensions.cnf -text
# openssl x509 -in ca.pem -noout -text

The certificate looks like

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: ...
        Validity
            Not Before: Jul 12 19:03:57 2015 GMT
            Not After : Jul  9 19:03:57 2025 GMT
        Subject: ...
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    ...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:TRUE
            X509v3 Key Usage:
                Certificate Sign, CRL Sign
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, Time Stamping
            X509v3 Subject Key Identifier:
                66:F5:34:B3:5E:A4:54:3F:5B:BE:CB:F0:11:7A:C7:09:5C:43:08:0C
            X509v3 CRL Distribution Points:
                URI:https://...
    Signature Algorithm: sha1WithRSAEncryption
         ...

The signature algorithm is sha1WithRSAEncryption but should be sha256WithRSAEncryption.
The openssl x509 command did not report any errors or warnings. The behaviour could be reproduced on two different Gentoo installations. The procedure works as expected on Debian Linux.
If you add -sha256 to options when creating the certificate, it will be sha2.

According to the man page (openssl-x509):

    -md2|-md5|-sha1|-mdc2
        the digest to use. This affects any signing or display option that uses a message digest, such as the -fingerprint, -signkey and -CA options. If not specified then SHA1 is used. If the key being used to sign with is a DSA key then this option has no effect: SHA1 is always used with DSA keys.

So I suppose this is more of an openssl thing. Can you please post the openssl.cnf from Debian? Maybe they override the default digest.
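A check for the problem reported above, added here as an example and not part of this bug report: it parses the text dump that `openssl x509 -in ca.pem -noout -text` prints and flags a certificate whose signature digest is MD2/MD5/SHA-1, or whose two "Signature Algorithm" identifiers (the one inside tbsCertificate and the outer one) disagree. The regular expression, the weak-digest list and the sample dump are my own assumptions, modelled on the output quoted in the report.

```python
import re

# Digests that should no longer appear in a certificate signature (assumption).
WEAK_DIGESTS = {"md2", "md5", "sha1"}

# Constructed sample in the shape of the `openssl x509 -noout -text` output
# quoted in the report; subject/issuer values are placeholders.
SAMPLE_TEXT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=example-ca
        Validity
            Not Before: Jul 12 19:03:57 2015 GMT
            Not After : Jul  9 19:03:57 2025 GMT
        Subject: CN=example-ca
    Signature Algorithm: sha1WithRSAEncryption
         ...
"""

SIG_ALG_RE = re.compile(r"^\s*Signature Algorithm:\s*(\S+)", re.MULTILINE)
DIGEST_RE = re.compile(r"(md2|md5|sha1|sha224|sha256|sha384|sha512)")


def signature_algorithms(text):
    """Return the algorithm names on every 'Signature Algorithm:' line.

    A well-formed dump has two: the tbsCertificate one (after Serial Number)
    and the outer one that precedes the signature value.
    """
    return SIG_ALG_RE.findall(text)


def check_signature_digest(text):
    """Return (ok, detail): ok is False for a weak digest or a mismatch."""
    algs = signature_algorithms(text)
    if len(algs) != 2:
        return False, "expected 2 'Signature Algorithm' lines, found %d" % len(algs)
    if algs[0] != algs[1]:
        return False, "tbsCertificate/outer algorithm mismatch: %s vs %s" % tuple(algs)
    m = DIGEST_RE.search(algs[0].lower())
    digest = m.group(1) if m else "unknown"
    if digest in WEAK_DIGESTS or digest == "unknown":
        return False, "digest %s in %s; re-sign with -sha256" % (digest, algs[0])
    return True, algs[0]


if __name__ == "__main__":
    ok, detail = check_signature_digest(SAMPLE_TEXT)
    print("OK" if ok else "FAIL", detail)
```

Run it on a real dump with `openssl x509 -in ca.pem -noout -text | python3 check.py` after swapping `SAMPLE_TEXT` for `sys.stdin.read()`.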
Created attachment 406690: openssl.cnf from Debian Jessie
The bug can be reproduced with OpenSSL 1.0.1p and seems to be fixed with OpenSSL 1.0.2d.
(In reply to Alexander Veit from comment #3)

Sounds good; thanks for testing.