On Sun, 12 Mar 2000 00:27:58 -0500 in Gary Harris <[EMAIL PROTECTED]> wrote:
> There is a file "serial" in the ssl directory. It increments from whatever
> number is stored in that file.
My openssl.cnf specifies a serial file, but that file is ignored when I
create a CA certificate using:
openssl genrsa -des3 -out ca.key 1024
openssl req -new -x509 -days 1825 -key ca.key -out ca.crt
I'm also not sure that's what MSIE is barfing on--I see that there's at
least one CA cert in Netscape that has a serial of 0 (ABA.ECOM Root CA).
Jim Lippard [EMAIL PROTECTED] http://www.discord.org/
Unsolicited bulk email charge: $500/message. Don't send me any.
PGP Fingerprint: 0C1F FE18 D311 1792 5EA8 43C8 7AD2 B485 DE75 841C
> ----- Original Message -----
> From: James J. Lippard <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, March 11, 2000 5:55 PM
> Subject: MSIE doesn't like CA certificate
>
>
> > I've created my own CA, but MSIE 4.5 claims that "The identity
> > certificate is invalid" (but has no problem with a server certificate
> > signed by that CA). Netscape has no problems with it. I had
> > previously had problems getting MSIE to even recognize the server
> > certificate, which proved to be caused by not having the v3_ca
> > extensions set.
> >
> > I'm using the openssl.cnf file that comes in /usr/src/lib/libssl/src/apps/
> > on OpenBSD 2.6; it's OpenSSL 0.9.4.
> >
> > Does anyone have any suggestions? Can MSIE deal with a 0 serial number?
> > If not, how can I set the serial number in my CA certificate when I
> > create it?
> >
> > Jim Lippard [EMAIL PROTECTED] http://www.discord.org/
> > Unsolicited bulk email charge: $500/message. Don't send me any.
> > PGP Fingerprint: 0C1F FE18 D311 1792 5EA8 43C8 7AD2 B485 DE75 841C
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
