I am doing Server Authentication where I keep the ROOT cert at my client and the Server cert (could be self-signed or chained cert).
The issue here is that I am facing the below error whenever I am using a 2-level-CA cert or even more.

Alert Level: Fatal, Description: Unable to verify leaf signature (21)

Due to my limited knowledge, I am not sure whether I am using the correct commands to generate the chained hierarchy. Please guide me or advise me.

I am creating a 3-Level-CA like this:

rootCA ---> ServerCA ---> ServerCA1 ---> Server

i.e. server cert >>> intermediate CA1 >>> intermediate CA2 >>> root CA

Here are the commands:

openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem -config root.cnf
openssl x509 -req -in rootreq.pem -sha1 -extfile root.cnf -extensions certificate_extensions -signkey rootkey.pem -out rootcert.pem
cat rootcert.pem rootkey.pem > root.pem

openssl req -newkey rsa:1024 -sha1 -keyout serverCAkey.pem -out serverCAreq.pem -config serverCA.cnf
openssl x509 -req -in serverCAreq.pem -sha1 -extfile serverCA.cnf -extensions certificate_extensions -CA root.pem -CAkey root.pem -CAcreateserial -out serverCAcert.pem
cat serverCAcert.pem serverCAkey.pem rootcert.pem > serverCA.pem

openssl req -newkey rsa:1024 -sha1 -keyout serverCAkey1.pem -out serverCAreq1.pem -config serverCA1.cnf
openssl x509 -req -in serverCAreq1.pem -sha1 -extfile serverCA1.cnf -extensions certificate_extensions -CA serverCA.pem -CAkey serverCA.pem -CAcreateserial -out serverCAcert1.pem
cat serverCAcert1.pem serverCAkey1.pem serverCAcert.pem rootcert.pem > serverCA1.pem

openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem -config server.cnf -reqexts req_extensions
openssl x509 -req -in serverreq.pem -sha1 -extfile server.cnf -extensions certificate_extensions -CA serverCA1.pem -CAkey serverCA1.pem -CAcreateserial -out servercert.pem
cat servercert.pem serverkey.pem serverCAcert1.pem serverCAcert.pem rootcert.pem > server.pem

I used root.pem at the client side and server.pem at the server side.
But I am seeing the error:

Alert Level: Fatal, Description: Unable to verify leaf signature (21)

Please help me.

Best Regards,
S S Rout
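
Added example, not part of the original post: a shell script that builds the same layout (root, two intermediate CAs, server) in a scratch directory and checks it offline with `openssl verify`, once with the intermediates supplied and once with only the root trusted. File names, subjects, the extension files, the 2048-bit key size and SHA-256 are assumptions of this example; the post's .cnf files are not shown, so their contents are not reproduced.

```shell
#!/bin/sh
# Added example, not from the original post. File names, subjects, extension
# files, key size and digest are constructed for this example.

# issue <name> <CN> <extfile> [issuer]: write <name>key.pem and <name>cert.pem,
# self-signed when no issuer is given, otherwise signed by <issuer>.
issue() {
    openssl req -newkey rsa:2048 -sha256 -nodes -config req.cnf -subj "/CN=$2" \
        -keyout "$1key.pem" -out "$1req.pem" 2>/dev/null || return 1
    if [ -z "$4" ]; then
        openssl x509 -req -in "$1req.pem" -sha256 -days 30 -extfile "$3" \
            -signkey "$1key.pem" -out "$1cert.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1req.pem" -sha256 -days 30 -extfile "$3" \
            -CA "$4cert.pem" -CAkey "$4key.pem" -CAcreateserial \
            -out "$1cert.pem" 2>/dev/null
    fi
}

# build_chain <dir>: root -> serverCA -> serverCA1 -> server
build_chain() (
    cd "$1" || exit 1
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > req.cnf
    # A certificate that signs other certificates needs CA:TRUE and keyCertSign.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\n' > leaf.ext
    issue root "Example Root CA" ca.ext &&
    issue serverCA "Example Server CA" ca.ext root &&
    issue serverCA1 "Example Server CA1" ca.ext serverCA &&
    issue server "server.example.test" leaf.ext serverCA1 &&
    cat serverCA1cert.pem serverCAcert.pem > intermediates.pem
)

# verify_leaf <dir> [chain]: verify servercert.pem with only the root trusted;
# "chain" also supplies the intermediates, as a server sending its chain would.
verify_leaf() (
    cd "$1" || exit 1
    if [ "$2" = chain ]; then
        openssl verify -CAfile rootcert.pem -untrusted intermediates.pem servercert.pem
    else
        openssl verify -CAfile rootcert.pem servercert.pem
    fi
)

work=$(mktemp -d) || exit 1
build_chain "$work" || { echo "chain build failed" >&2; exit 1; }
verify_leaf "$work" chain && echo "OK: leaf verifies when intermediates are supplied"
verify_leaf "$work" || echo "As expected: root alone cannot verify the leaf"
```

Private keys are kept in separate files here and only certificates go into `intermediates.pem`, so the file a peer receives or trusts never contains key material.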