On Tue, 30 Nov 2010 01:36:16 +0200 "Dr. Stephen Henson" <st...@openssl.org> wrote: >On Tue, Nov 30, 2010, iruvopen...@hushmail.com wrote: > >> On Mon, 29 Nov 2010 20:05:43 +0200 "Dr. Stephen Henson" >> <st...@openssl.org> wrote: >> Greetings! >> >> I'm doing nothing funky: >> $ openssl genrsa -des3 -out ca.key 4096 >> $ openssl req -new -x509 -days 365 -key ca.key -out ca.crt >> $ openssl genrsa -des3 -out server.key 4096 >> $ openssl req -new -key server.key -out server.csr >> $ openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key - >> set_serial 01 -out server.crt >> >> Giving to every option (company name, etc.) the default value: >> So for example, my server.crt's issuer line is: >> Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd >> and my ca.crt's subject line is: >> Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd >> > >Well that's one problem, if your certificates have the same issuer >and subject >names then you'll end up with what looks like a self-signed >certificate. Try >giving the server certificate different values from the CA. > >If there were any extensions in the server certificate that >wouldn't happen >but the command you create the server certificate with doesn't >include any and >ends up creating the deprecated V1 certificate format. > >Steve. >-- >Dr Stephen N. Henson. OpenSSL project core developer. >Commercial tech support now available see: http://www.openssl.org >___________________________________________________________________ >___ >OpenSSL Project >http://www.openssl.org >User Support Mailing List openssl- >us...@openssl.org >Automated List Manager >majord...@openssl.org
Heh, I didn't think of this :) Thank you very much, it's now working! ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
