Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

Deeztek.com Support Mon, 19 Nov 2012 10:48:53 -0800

Maybe I got something wrong creating the intermediate CA which is supposed to be the 2nd certificate. This is what I did to create the intermediate CA. Maybe I missed something?


Generated Intermediate CA key:


openssl genrsa -out ia.key 4096

Generated Intermediate CA Certificate Request:

openssl req -new -key ia.key -out ia.csr

Processed Intermediate CA request and signed by the CA:

openssl x509 -req -days 1825 -in ia.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out ia.crt


Concatenate the CA and the intermediate CA certificates together:

Root cert:
cat ca.crt > cachain.pem

Int-ca cert:

cat int-ca.crt >> cachain.pem


On 11/19/2012 1:41 PM, Erwann Abalea wrote:

Thanks.
The first certificate is your root CA, the second one is a version 1 certificate that can't be used as a CA (it would be insecure to allow it). If your end-user certificate is issued by this second certificate, then the error message is normal.



--
Deeztek.com Support
http://www.deeztek.com

smime.p7s
Description: S/MIME Cryptographic Signature

Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

Reply via email to