You may want to download and try ssl.ca-0.1. I found it in the "Miscellameous
Contributions" area of the OpenSSL web site (www.openssl.org). I've used this set
of scripts successfully to create a root CA, sign the server's certificate, and
create and sign user certs. I've even had great success excporting user certs in
p12 format for Netscape. Ssl.ca is a well-written script set.
[EMAIL PROTECTED] wrote:
> Full_Name: Wes Barris
> Version: 2.7.1
> OS: Redha 7
> Submission from: (NULL) (144.34.33.41)
>
> Hello,
>
> I am following the instructions in the following file:
>
> mod_ssl-2.7.1-3: /var/www/html/manual/mod/mod_ssl/ssl_faq.html
>
> I am trying to create my own CA as described under the following
> heading in that file:
>
> "How can I create and use my own Certificate Authority (CA)? [L]"
>
> All goes well until I use the "sign.sh" command (which, for some reason
> is not packaged with the mod_ssl-2.7.1-3.i386.rpm for Redhat 7). Here
> is a transcript of the error:
>
> wes@kirby> ./sign.sh server.csr
> CA signing: server.csr -> server.crt:
> Using configuration from ca.config
> Enter PEM pass phrase:
> Check that the request matches the signature
> Signature ok
> The Subjects Distinguished Name is as follows
> countryName :PRINTABLE:'US'
> stateOrProvinceName :PRINTABLE:'Minnesota'
> localityName :PRINTABLE:'Minneapolis'
> organizationName :PRINTABLE:'Network Computing Services, Inc.'
> organizationalUnitName:PRINTABLE:'Security Division'
> commonName :PRINTABLE:'kirby.hpcmp.hpc.mil'
> emailAddress :IA5STRING:'[EMAIL PROTECTED]'
> Certificate is to be certified until Mar 8 16:21:13 2002 GMT (365 days)
> Sign the certificate? [y/n]:y
>
> 1 out of 1 certificate requests certified, commit? [y/n]y
> Write out database with 1 new entries
> Data Base Updated
> CA verifying: server.crt <-> CA cert
> server.crt: /C=US/ST=Minnesota/L=Minneapolis/O=Network Computing Services,
> Inc./OU=Security [EMAIL PROTECTED]
> error 18 at 0 depth lookup:self signed certificate
> /C=US/ST=Minnesota/L=Minneapolis/O=Network Computing Services, Inc./OU=Security
> [EMAIL PROTECTED]
> error 7 at 0 depth lookup:certificate signature failure
> wes@kirby>
>
> I can see two errors but I don't know what they mean or what I am supposed
> to do about them. Im I doing something wrong?
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Mike Carter
Pilot/SysAdmin
[EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
