Check the man pages (man req), the -x509 option is for a self signed cert (root), while the -new option produces a new cert request (so you are asking for conflicting tasks). In this case no request is needed because the it's the root cert. Your config option is ok.
This way a root and its asociated private key. openssl req -x509 -newkey rsa:1024 -keyout cakey.pem -out cacert.pem -days 1095 deblarinteln wrote: > > openssl req -config openssl.conf -new -x509 -days 1001 -key keys/ca.key > -out certs/ca.cer > error on line -1 of openssl.conf > Niels > -- View this message in context: http://www.nabble.com/cannot-create-openssl-master-certificate-on-my-Exchange2007-Server%21Help-needed%21-tp24583342p24588290.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org