Re: How to create intermediate CA certificate with openssl

2014-11-27 Thread John Mok
Jerry,

When you create the intermediate certificate, you need to add the
following attribute :-

basicConstraints=CA:true

Otherwise, the intermediate CA certificate can not issue server certificates.

Best regards,  John Mok

On Thu, Nov 27, 2014 at 3:43 PM, Jerry OELoo oylje...@gmail.com wrote:
 Hi All:
 Now I want to create a certificate chain by myself.
 It will look as below:

 Server Certificate - Intermediate CA - Root CA.

 Now I am using openssl command to create these certificate files.


 # Create CA
 openssl genrsa -out ca.key 4096
 openssl req -new -x509 -nodes -sha1 -days 1825 -key ca.key -out ca.crt

 # Create Intermediate
 openssl genrsa -out intermediate.key 4096
 openssl req -new -sha1 -key intermediate.key -out intermediate.csr

 # CA signs Intermediate
 openssl x509 -req -days 1825 -in intermediate.csr -CA ca.crt \
     -CAkey ca.key -set_serial 01 -out intermediate.crt

 # Create Server
 openssl genrsa -out test.example.com.key 4096
 openssl req -new -key test.example.com.key -out test.example.com.csr

 # Intermediate signs Server
 openssl x509 -req -days 1825 -in test.example.com.csr \
     -CA intermediate.crt -CAkey intermediate.key -set_serial 01 \
     -out test.example.com.crt


 Now I install ca.crt into the Windows 7 local Trust Root Store. When I open
 the test.example.com.crt file, I can see the certificate chain in
 Certification Path.

 But I get 1 warning on the intermediate certificate: "This
 certification authority is not allowed to issue certificates or cannot
 be used as an end-entity certificate."

 From search, I think this is because intermediate certificate/key is
 not a correct intermediate CA that it can not sign
 test.example.com.crt.

 Please kindly give me some suggestion about how to use openssl command
 to sign test.example.com.crt with intermediate CA. Thanks!

 --
 Rejoice,I Desire!
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List   openssl-users@openssl.org
 Automated List Manager   majord...@openssl.org
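
John's fix applied to the commands from the question, as an added example that is not part of either post: the same three-level chain is built twice, once with the extension-less signing command and once with basicConstraints=CA:true supplied through -extfile, and openssl verify is run on both. The ca_ext.cnf file name, the subject names, the keyUsage line, the 2048-bit keys and -sha256 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Subject names, ca_ext.cnf, the keyUsage
# line, 2048-bit keys and -sha256 are assumptions made for this demo.

# make_chain DIR MODE: build root -> intermediate -> server inside DIR.
#   MODE "ca"    signs the intermediate with basicConstraints=CA:true
#   MODE "plain" signs it with no extensions, as in the question
make_chain() (
    mkdir -p "$1" && cd "$1" || exit 1
    printf '%s\n' 'basicConstraints = critical, CA:true' \
        'keyUsage = critical, keyCertSign, cRLSign' > ca_ext.cnf
    ext=""
    if [ "$2" = ca ]; then ext="-extfile ca_ext.cnf"; fi
    for n in ca intermediate server; do
        openssl genrsa -out "$n.key" 2048 || exit 1
    done
    # Root CA: self-signed and marked as a CA.
    openssl req -new -key ca.key -subj "/CN=Example Root CA" -out ca.csr &&
    openssl x509 -req -sha256 -days 1825 -in ca.csr -signkey ca.key \
        -extfile ca_ext.cnf -out ca.crt &&
    # Intermediate: signed by the root; $ext decides whether it is a CA.
    openssl req -new -key intermediate.key \
        -subj "/CN=Example Intermediate CA" -out intermediate.csr &&
    openssl x509 -req -sha256 -days 1825 -in intermediate.csr -CA ca.crt \
        -CAkey ca.key -set_serial 01 $ext -out intermediate.crt &&
    # Server certificate: signed by the intermediate.
    openssl req -new -key server.key -subj "/CN=test.example.com" \
        -out server.csr &&
    openssl x509 -req -sha256 -days 1825 -in server.csr -CA intermediate.crt \
        -CAkey intermediate.key -set_serial 01 -out server.crt
) >/dev/null 2>&1

# is_ca CERT: true when the certificate carries basicConstraints CA:TRUE.
is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# chain_ok DIR: true when server.crt verifies up to ca.crt via the intermediate.
chain_ok() {
    openssl verify -CAfile "$1/ca.crt" -untrusted "$1/intermediate.crt" \
        "$1/server.crt" >/dev/null 2>&1
}

work=$(mktemp -d)
for mode in plain ca; do
    make_chain "$work/$mode" "$mode"
    if chain_ok "$work/$mode"; then echo "$mode: chain verifies"
    else echo "$mode: chain rejected"; fi
done
```

Running is_ca on an intermediate before installing it anywhere catches the missing extension that Windows reports in the Certification Path warning.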


How to create intermediate CA certificate with openssl

2014-11-26 Thread Jerry OELoo
Hi All:
Now I want to create a certificate chain by myself.
It will look as below:

Server Certificate - Intermediate CA - Root CA.

Now I am using openssl command to create these certificate files.


# Create CA
openssl genrsa -out ca.key 4096
openssl req -new -x509 -nodes -sha1 -days 1825 -key ca.key -out ca.crt

# Create Intermediate
openssl genrsa -out intermediate.key 4096
openssl req -new -sha1 -key intermediate.key -out intermediate.csr

# CA signs Intermediate
openssl x509 -req -days 1825 -in intermediate.csr -CA ca.crt \
    -CAkey ca.key -set_serial 01 -out intermediate.crt

# Create Server
openssl genrsa -out test.example.com.key 4096
openssl req -new -key test.example.com.key -out test.example.com.csr

# Intermediate signs Server
openssl x509 -req -days 1825 -in test.example.com.csr \
    -CA intermediate.crt -CAkey intermediate.key -set_serial 01 \
    -out test.example.com.crt


Now I install ca.crt into the Windows 7 local Trust Root Store. When I open
the test.example.com.crt file, I can see the certificate chain in
Certification Path.

But I get 1 warning on the intermediate certificate: "This
certification authority is not allowed to issue certificates or cannot
be used as an end-entity certificate."

From search, I think this is because intermediate certificate/key is
not a correct intermediate CA that it can not sign
test.example.com.crt.

Please kindly give me some suggestion about how to use openssl command
to sign test.example.com.crt with intermediate CA. Thanks!

-- 
Rejoice,I Desire!


How to create intermediate CA

2007-02-06 Thread Bhat, Jayalakshmi Manjunath
Hi All,

Please can any one tell me what are the different methods to create an
Intermediate ca certificate.

Regards,
Jaya