ca2cert.cacert is not a valid CA: the extensions are wrong. When you sign the request for CA2 you need to use the correct CA extensions. Check out some of the stuff in docs/openssl.txt for some info.

CAs and end user certificates have different extensions so end users can't pretend to be a CA.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED]
PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
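
The point made in the message above, as an added example that is not part of the original post or of the OpenSSL documentation: a root signs CA2's request once with CA extensions and once with end-user extensions, and a leaf issued by CA2 only verifies in the first case. The names root, ca2 and leaf, the section names [ca] and [user], and all file paths are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: root -> ca2 -> leaf. All names and paths are illustrative.
# issue NAME SIGNER SECTION: new key and request for NAME, signed by SIGNER
# with the extensions in [SECTION] of ext.cnf.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ext.cnf" -subj "/CN=$1" \
    -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null &&
  openssl x509 -req -sha256 -days 1 -in "$d/$1.csr" -CA "$d/$2.pem" \
    -CAkey "$d/$2.key" -CAcreateserial -extfile "$d/ext.cnf" -extensions "$3" \
    -out "$d/$1.pem" 2>/dev/null
}

# chain_verifies ca|user: sign CA2's request with that section, issue a leaf
# from CA2, then verify the leaf against the root.
# Returns 0 = chain accepted, 1 = chain rejected, 2 = setup failed.
chain_verifies() {
  d=$(mktemp -d) || return 2
  cat > "$d/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[user]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
EOF
  rc=2
  # Self-signed root carrying the CA extensions.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ext.cnf" -subj "/CN=root" \
    -keyout "$d/root.key" -out "$d/root.csr" 2>/dev/null &&
  openssl x509 -req -sha256 -days 1 -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ext.cnf" -extensions ca -out "$d/root.pem" 2>/dev/null &&
  issue ca2 root "$1" && issue leaf ca2 user && {
    rc=1
    openssl verify -CAfile "$d/root.pem" -untrusted "$d/ca2.pem" \
      "$d/leaf.pem" >/dev/null 2>&1 && rc=0
  }
  rm -rf "$d"
  return "$rc"
}

for ext in ca user; do
  if chain_verifies "$ext"; then echo "CA2 signed with [$ext]: leaf verifies"
  else echo "CA2 signed with [$ext]: leaf rejected"; fi
done
```

To inspect what a given certificate actually carries, `openssl x509 -in ca2.pem -noout -text` prints the X509v3 extensions, including Basic Constraints.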