I've included [EMAIL PROTECTED] as additional requestor. I hope noone minds.
Can you tell me exactly what is wrong with the certificate in question? "not functional" doesn't say very much. If you want to send me the certificate (NOT the key) in question, please do, that would help a lot. I just tested with serial number 00, using the latest Debian kit, and as far as I can see, the certificate looks like it should Something to note, however, is that the CA certificate usually has serial number 0, at least when creating it with OpenSSL the way it's usually described. Therefore, there may be problems verifying, since the serial number 0 will be in two cerificates, and certificates are sometimes accessed as issuer+serial (to get the exact certificate) instead of subject. In the case where the CA cert and one of the issued certs have the same serial number, issuer+serial will lead to both of them, which in this case is an error. However, that's a user error rather than an OpenSSL one, since CA certs can, technically have any serial number, just as any other certificate... [EMAIL PROTECTED], relayed by [EMAIL PROTECTED] - Thu Mar 27 17:43:22 2003]: >when the serial file has the value "00" the signed certificate will not be valid. >I was searching 2 days for this problem... >When serial is "0" or "000" then "openssl ca" will report that the serial value is >wrong. >But he accepts "00", which will produce a not functional certificate. -- Richard Levitte [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
