At 10:37 AM 1/12/2004 +0100, Thomas writeth:
>Hi,
>
>I created a new certificate with 'CA.pl -newcert', and made a verify with
>'CA.pl -verify newreq.pem'
>The result is:
>newreq.pem:
/C=DE/ST=GERMANY/L=CITY/O=company/OU=company/CN=server.company.de/
>[EMAIL PROTECTED]
>error 18 at 0 depth lookup:self signed certificate
>OK
>
>I removed the private key with 'openssl rsa -in newreq.pem -out
slapd.key.pem'
>
>When I now try to verify with 'CA.pl -verify slapd-key.pem', I get the answer
>
>"unable to load certificate
>16175:error:0906D06C:PEM routines:PEM_read_bio:no start
>line:pem_lib.c:632:Expecting: TRUSTED CERTIFICATE"
>
>What did I do wrong ?
What is your OPENSSL_CONF environment variable set to? You have to set up
OPENSSL_CONF to point at the directory where "openssl.cnf" is located. If
it already does, then I don't know the answer. I had a similar problem
with Win32 OpenSSL until I used SysInternal's FileMon utility to track it
down.
Hope this helps!
Thomas J. Hruska -- [EMAIL PROTECTED]
Shining Light Productions -- "Meeting the needs of fellow programmers"
http://www.slproweb.com/
`'*-~.,_,.~-*'`'*-~.,_,.~-*'`'*-~.,_,.~-*'`'*-~.,_,.~-*'`'*-~.,_,.~-*'`'*-~
Tired of programming languages that are expensive or difficult to use?
Try Nuclear Vision today!
http://www.slproweb.com/products/nvml.html
Announcing Nuclear Vision v2.0, the 100% HTML-style scripting language.
Easy to learn, easy to use.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
