I am doing Server Authentication where I keep the ROOT cert at my client and
the Server cert (could be self-signed or a chained cert).
The issue here is that I am facing the below error whenever I am using a
2-level-CA cert or even more.
Alert Level: Fatal, Description: Unable to verify leaf signature (21)
Due to my limited knowledge, I am not sure whether I am using the correct
commands to generate the chained hierarchy. Please guide or advise me.
I am creating a 3-Level-CA like this: rootCA ---> ServerCA ---> ServerCA1 ---> Server.
i.e. server cert >>> intermediate CA1 >>> intermediate CA2 >>> root CA
Here are the commands:
openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem -config root.cnf
openssl x509 -req -in rootreq.pem -sha1 -extfile root.cnf -extensions certificate_extensions -signkey rootkey.pem -out rootcert.pem
cat rootcert.pem rootkey.pem > root.pem

openssl req -newkey rsa:1024 -sha1 -keyout serverCAkey.pem -out serverCAreq.pem -config serverCA.cnf
openssl x509 -req -in serverCAreq.pem -sha1 -extfile serverCA.cnf -extensions certificate_extensions -CA root.pem -CAkey root.pem -CAcreateserial -out serverCAcert.pem
cat serverCAcert.pem serverCAkey.pem rootcert.pem > serverCA.pem

openssl req -newkey rsa:1024 -sha1 -keyout serverCAkey1.pem -out serverCAreq1.pem -config serverCA1.cnf
openssl x509 -req -in serverCAreq1.pem -sha1 -extfile serverCA1.cnf -extensions certificate_extensions -CA serverCA.pem -CAkey serverCA.pem -CAcreateserial -out serverCAcert1.pem
cat serverCAcert1.pem serverCAkey1.pem serverCAcert.pem rootcert.pem > serverCA1.pem

openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem -config server.cnf -reqexts req_extensions
openssl x509 -req -in serverreq.pem -sha1 -extfile server.cnf -extensions certificate_extensions -CA serverCA1.pem -CAkey serverCA1.pem -CAcreateserial -out servercert.pem
cat servercert.pem serverkey.pem serverCAcert1.pem serverCAcert.pem rootcert.pem > server.pem

I used root.pem at the client side and server.pem at the server side. But I am
seeing the error
Alert Level: Fatal, Description: Unable to verify leaf signature (21)
Please help me.
Best Regards,
S S Rout