Hi, Thanks for the reply.
I have setup CA, and generated cacert.pem and cakey.pem files. I signed the rootrequest with cacert.pem and generated rootcert.pem. even then the same error is observed saying "Self signed certificate". Actually I am setting up a local CA in this case. Can we sign the root certificate by the CA or should we sign the root certificate request and then generate the root certificate from the request? Actually, I am following the steps in the book Orielly's Network security with Openssl to generate the certificates. Can u please send me the exact steps to create a CA and generate CA signed certificates? thanks, Lakshmi Prasanna On Fri, Jun 13, 2008 at 2:33 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >Hi, > > The below error is obtained when no CA is setup in the machine, ie., > cacert.pem and cakey.pem file are not present and the root certificate is > not signed by the CA. > > "lakshmi prasanna" wrote: >> >> >> The root certificate is signed by the root key generated while creating the >> certificate using command: >> * openssl x509 -req -in rootreq.pem -sha1 -extensions v3_ca >> -signkey rootkey.pem -out rootcert.pem* >> >> -Error with certificate at depth: 2 >> issuer = /C=IN/ST=AP/L=HYD/O=Intoto Software (I) Pvt. Ltd/OU=Root/CN=Root >> Intoto/[EMAIL PROTECTED] >> subject = /C=IN/ST=AP/L=HYD/O=Intoto Software (I) Pvt. Ltd/OU=Root/CN=Root >> Intoto/[EMAIL PROTECTED] >> err 19:self signed certificate in certificate chain >> SSL_connect failed >> ** client.c:80 Error connecting SSL object >> 16384:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate >> verify failed:s3_clnt.c:843: >> >> Any help regarding this... >> -- >> thanks, >> Lakshmi Prasanna > -- thanks, Lakshmi Prasanna ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
