Hi,
 
First check if your existing cert is allowed to act as a CA cert. Print the
cert details with "openssl x509 -text -in <your cert.pem>". If your cert is
not yet in PEM format, add "-inform DER" to the above. In the resulting output
check for lines like these:
 
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
 
If you find the line "CA:FALSE" (which is most likely) then your cert can only
be used as a server or client cert. You then could still use it for signing if
you change openssl internally to ignore this extension, but you would violate
the x509 standard and every properly coded application would refuse to use the
resulting certificates.
 
Best Regards,
Reiner.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeremy
Sent: Monday, April 09, 2001 3:47 AM
To: SSL Users
Subject: Creating a CA from a Certificate signed by Thwate.

I'm trying to sign newly created certificates with a certificate already signed by Thawte. However, I'm having problems.
I've read the FAQ at http://www.modssl.org/docs/2.8/ssl_faq.html; however, there doesn't seem to be any information there that can help me.
I've tried using the steps for creating my own CA and using sign.sh (modified for my system variables, etc), but the many (too many to list here) ways I've tried have all failed.
 
Can anyone help me out?
Thanks.
 
Using:
OpenSSL 0.9.6 24
 
On:
Redhat 6.2
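
Added example, not part of the original messages: a shell function that automates the Basic Constraints check described in the reply at the top of this thread, trying PEM first and then DER. The names ca_status and make_samples and the generated test certificates are constructed for illustration; it assumes an openssl binary on the PATH and a grep that supports -A.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a certificate may act as a CA.

# ca_status FILE
# Prints "ca", "not-ca" or "no-basic-constraints"; prints "unreadable" and
# returns 2 if the file parses as neither PEM nor DER.
ca_status() {
    cert=$1
    # PEM first, then DER via "-inform DER", as in the message above.
    text=$(openssl x509 -noout -text -in "$cert" 2>/dev/null) ||
    text=$(openssl x509 -noout -text -inform DER -in "$cert" 2>/dev/null) ||
    { echo "unreadable"; return 2; }
    # In -text output the value sits on the line after the extension name.
    bc=$(printf '%s\n' "$text" |
         grep -A1 'X509v3 Basic Constraints' | tail -n 1) || bc=
    case $bc in
        *CA:TRUE*)  echo "ca" ;;
        *CA:FALSE*) echo "not-ca" ;;
        *)          echo "no-basic-constraints" ;;
    esac
}

# make_samples DIR (hypothetical helper)
# Writes constructed self-signed test certificates into DIR:
# ca.pem (CA:TRUE), leaf.pem (CA:FALSE) and leaf.der (leaf.pem as DER).
make_samples() {
    dir=$1
    cat > "$dir/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed-sample
[ca_ext]
basicConstraints = critical,CA:TRUE
[leaf_ext]
basicConstraints = CA:FALSE
EOF
    for kind in ca leaf; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -config "$dir/openssl.cnf" -extensions "${kind}_ext" \
            -keyout "$dir/$kind.key" -out "$dir/$kind.pem" 2>/dev/null || return 1
    done
    openssl x509 -in "$dir/leaf.pem" -outform DER -out "$dir/leaf.der"
}
```

To try it, run make_samples on an empty scratch directory and then call ca_status on each generated file, or call ca_status directly on the certificate in question.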
