Answers inline.
--
Erwann ABALEA
-----
Un forum peut répondre à plusieurs besoins à la fois
Ici, le groupe des débutants dépasse en nombre le groupe des utilisateur
"middle-class" ce qui provoque inévitablement des tensions.
-+- EF - Guide du Neuneu d'Usenet - La lutte des middle classes -+-
Le 19/11/2012 19:47, Deeztek.com Support a écrit :
Maybe I got something wrong creating the intermediate CA which is
supposed to be the 2nd certificate. This is what I did to create the
intermediate CA. Maybe I missed something?
Generated Intermediate CA key:
openssl genrsa -out ia.key 4096
Generated Intermediate CA Certificate Request:
openssl req -new -key ia.key -out ia.csr
Processed Intermediate CA request and signed by the CA:
openssl x509 -req -days 1825 -in ia.csr -CA ca.crt -CAkey ca.key
-set_serial 01 -out ia.crt
There's no mention of the extensions you put in your intermediate
certificate.
It may have magically worked, if the openssl configuration file had been
properly filled. The default configuration file doesn't set any
extension when you create a certificate with "openssl x509", whence
version 1.
You should get better CA scripts, or build your own set after reading
your openssl.cnf file and other associated documentation.
man req
man x509
man ca
man x509v3_config
When I need a junk CA, I personaly use "openssl req" to create the root,
and "openssl ca" for all other certificates (intermediate CAs or
end-entities).
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org