Hi, These are the steps I am using to create a CA and then sign a certificate. openssl req -x509 -newkey rsa:1024 -keyout cakey.pem -out cacert.pem -config openssl.cnf then i follow the prompts. after cacert.pem is created a copy the private key into democa/private and cacert.pem into democa/. then i do openssl ca -ss_cert cacert.pem -out cacert2.pem -config openssl.cnf once completed i copy cacert2.pem over cacert because its signed now right? next i do openssl req -newkey rsa:1024 -keyout skey.pem -out ser.pem - config openssl.cnf and follow th prompts then i sign it. openssl ca -in ser.pem -out server.pem -config openssl.cnf have i created the CA correctly? do I know have a CA root certificate I can use for my trusted CA list? do I have a valid server certificate that can be sent for my client application to verify against the trusted CA certificate? thanks for the continued support guys Evan Get your own zoom email - click here - http://www.zoom.co.uk/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]