> On Nov 30, 2017, at 2:46 AM, Pascal Withopf <pwith...@adiscon.com> wrote: > > Here is serverCA.pem as a file and as text
These are, I expect, test certs and keys, so posting the keys too is presumably not a problem... In any case, the problem is that the CA certificate is a v1 certificate with no extensions. It needs to be a v3 certificate with basicConstraints CA:true, and keyUsage befitting a CA. Certificate: Data: Version: 1 (0x0) Serial Number: 92:fb:86:47:d7:eb:1f:c3 Signature Algorithm: sha1WithRSAEncryption Issuer: C=XX, ST=XX, L=test, O=Testorganisation, CN=Root CA Validity Not Before: Nov 30 07:30:13 2017 GMT Not After : Dec 30 07:30:13 2017 GMT Subject: C=XX, ST=XX, L=test, O=Testorganisation, CN=Server CA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:ba:f3:7b:2b:e3:e6:ed:e4:ec:90:01:99:05:59: 62:94:16:eb:f0:fd:07:8e:5d:13:38:85:04:72:48: 05:48:76:c2:0b:bb:63:79:c7:49:4b:d2:33:5d:75: 6f:f2:79:c7:55:db:23:4d:b6:4a:89:82:b6:ff:aa: 1d:d2:07:1b:4d:68:c8:f5:3d:87:b6:76:05:bd:4a: 0a:79:d8:27:e0:0d:a7:a7:7b:39:13:85:7b:d3:b0: 02:cb:0e:3d:27:d9:a6:8a:a0:65:7c:a8:3a:72:73: a9:61:af:99:39:97:e5:f7:9c:8d:3d:4a:bd:ac:af: 4a:80:31:d7:46:c7:9a:3f:65 Exponent: 65537 (0x10001) Signature Algorithm: sha1WithRSAEncryption aa:d0:92:67:17:00:fe:33:7f:b9:94:2c:63:6e:ce:cf:02:25: 77:d9:df:1e:89:3f:6b:fd:02:54:73:04:36:54:c1:5a:a5:35: 27:4b:9d:55:55:f1:9f:d4:72:10:9a:e0:3d:42:e2:8a:af:80: aa:00:92:16:3d:16:49:9a:df:94:13:63:df:50:99:50:87:1e: a0:52:5e:ec:8b:23:4c:28:e8:f8:f3:fc:10:fc:8d:72:1d:3f: 40:ac:89:42:18:d5:80:03:df:ad:24:ff:74:c3:4e:e0:de:ac: 01:7a:df:b0:62:67:1b:85:84:bd:c4:d4:89:79:41:21:46:d6: 59:06 -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users