Score:0

SSL3 decrypt error leads to openssl_handshake bad signature

cn flag

I have an authentication server based on certificates. The previous roll of certificates (1 CA + 1 Server + 1 Client) worked perfectly. A few days ago the client certificate expired and I had to generate a new one. I encountered the following problem, so I generated all of the certificates once again (CA, Server and Client), but the problem still remains.

The server holds the CA + Server + Client certificates. The client holds the CA + Client certificates.

Here is the error the client gets when trying to authenticate (using wpasupplicant):

root@HP:/etc/wpa_supplicant# wpa_supplicant -c certs.conf -D wired -i enp63s0
  Successfully initialized wpa_supplicant
  enp63s0: Associated with 01:80:c2:00:00:03
  enp63s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
  enp63s0: CTRL-EVENT-EAP-STARTED EAP authentication started
  enp63s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
  enp63s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
  enp63s0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=FR/ST=Radius/L=Somewhere/O=Example Inc. /[email protected]/CN=Example certificate Authority' hash=71d392c4f64b1dd18d378c57fea2f2673a26ad4a93974f70e5c1a44709f89ab3
  enp63s0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=FR/ST=Radius/O=Example Inc./CN=Example Server Certificate/[email protected]' hash=c6c4425f12a6540ca9327769d50e95de32df60aac46c0dcd54291db880192a5
> SSL: SSL3 alert: write (local SSL3 detected an error): fatal:decrypt error
> OpenSSL: openssl_handshake - SSL_connect error:0407E068:rsa routines:RSA_verify_PKCS1_PSS_mgf1:bad signature
> OpenSSL: pending error: error:1416D07B:SSL routines:tls_process_key_exchange: bad signature
  enp63s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
  Cenp63s0: CTRL-EVENT-DISCONNECTED bssid=01:80:c2:00:00:03 reason=3 locally_generated=1
  enp63s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="" auth_failures=1 duration=10 reason=AUTH_FAILED
  enp63s0: CTRL-EVENT-TERMINATING
root@HP:/etc/wpa_supplicant#

The error lines are at the ">".

I tested the fingerprints of the certificates stored on the client and they are the same as the ones on the server.

Do you know where the problem comes from?

Edit: Can you explain to me what a bad signature means? I wasn't able to find it.

us flag
Are you using an intermediate certificate? In that case I'm guessing it is because it doesn't know which root certificate has signed the intermediate certificate.
cn flag
No, there aren't any intermediate certificates. I found what caused the problem and it's a bit embarrassing. The virtual machine running the server appears not to take the host date at boot; the server was stuck in the past. The authentication works now.
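
A check for the condition reported in the last comment (a host clock behind real time), added here as an example and not part of the original thread: it compares certificate validity windows with a clock value. The input is constructed sample output of `openssl x509 -noout -subject -dates` run on each certificate; the subjects, dates and function names are assumptions made for illustration.

```python
import ssl
import time

# Constructed sample: `openssl x509 -noout -subject -dates` output for a CA,
# a server and a client certificate. Subjects and dates are made up.
SAMPLE = """\
subject=CN = Example Certificate Authority
notBefore=Mar 10 08:00:00 2021 GMT
notAfter=Mar 10 08:00:00 2031 GMT
subject=CN = Example Server Certificate
notBefore=Mar 10 08:05:00 2021 GMT
notAfter=Mar 10 08:05:00 2022 GMT
subject=CN = Example Client
notBefore=Mar 10 08:06:00 2021 GMT
notAfter=Mar 10 08:06:00 2022 GMT
"""

def parse_dates(text):
    """Return [(subject, not_before_epoch, not_after_epoch), ...]."""
    certs, cur = [], {}
    for line in text.splitlines():
        key, _, value = line.partition("=")
        cur[key.strip()] = value.strip()
        if key.strip() == "notAfter":  # last field printed per certificate
            certs.append((cur["subject"],
                          ssl.cert_time_to_seconds(cur["notBefore"]),
                          ssl.cert_time_to_seconds(cur["notAfter"])))
            cur = {}
    return certs

def check_clock(certs, now=None):
    """Classify each certificate against the clock `now` (epoch seconds, UTC)."""
    now = time.time() if now is None else now
    report = []
    for subject, not_before, not_after in certs:
        if now < not_before:
            status = "not-yet-valid"  # clock behind, or certificate post-dated
        elif now > not_after:
            status = "expired"
        else:
            status = "ok"
        report.append((subject, status))
    return report

def min_clock_lag(certs, now):
    """Seconds the clock must advance to pass every certificate's notBefore."""
    return max(0, max(nb for _, nb, _ in certs) - now)
```

Run it on both the server and the client: freshly issued certificates that all report `not-yet-valid` on one machine point at that machine's clock rather than at the certificates.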