Check the man pages (man req), the -x509 option is for a self signed cert
(root), while the -new option produces a new cert request (so you are asking
for conflicting tasks). In this case no request is needed because the it's
the root cert. Your config option is ok.
This way a root and its asociated private key.
openssl req -x509 -newkey rsa:1024 -keyout cakey.pem -out cacert.pem
-days 1095
deblarinteln wrote:
>
> openssl req -config openssl.conf -new -x509 -days 1001 -key keys/ca.key
> -out certs/ca.cer
> error on line -1 of openssl.conf
> Niels
>
--
View this message in context:
http://www.nabble.com/cannot-create-openssl-master-certificate-on-my-Exchange2007-Server%21Help-needed%21-tp24583342p24588290.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
