I'm trying to create a Server-side certificate. My o/s is Windows ME. I'm using OpenSSL 0.9.7e (25 Oct 2004).
The step-by-step guide I'm using is at : http://www.eclectica.ca/howto/ssl-cert-howto.php
So far, I have:
1. Successfully created and self-signed a CA certificate (this created cacert.pem and private\cakey.pem)
The command I used was:
openssl req -new -x509 -extensions v3_ca -keyout private\cakey.pem -out cacert.pem -days 3650 -config openssl.conf
2. Successfully created a Certificate Signing Request (this created key.pem and req.pem)
The command I used was: openssl req -new -nodes -out req.pem -config openssl.conf
BUT!
3. When I try to complete the next step in the step-by-step guide, signing the certificate, I get no error from OpenSSL but it simply passes right by the query: "Sign the certificate? [y/n]:" and then tells me "CERTIFICATE WILL NOT BE CERTIFIED." And there are no other error messages displayed, so, I'm not sure how to proceed.
Actual dialogue from the failing Step 3. :
D:\OpenSSL\CA>openssl ca -out cert.pem -config openssl.conf -infiles req.pem Using configuration from openssl.conf Loading 'screen' into random state - done Enter pass phrase for ./private/cakey.pem: Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows organizationName :PRINTABLE:'Mike Zarlenga CA' organizationalUnitName:PRINTABLE:'SSL Server' localityName :PRINTABLE:'Reno' stateOrProvinceName :PRINTABLE:'Nevada' countryName :PRINTABLE:'US' commonName :PRINTABLE:'ssl.mzarlenga.com' Certificate is to be certified until Dec 18 21:50:50 2005 GMT (365 days) Sign the certificate? [y/n]: CERTIFICATE WILL NOT BE CERTIFIED
How can I diagnose and correct this problem?
Is there a better guide I can use for this?
Did I miss a step somewhere?
Thanks, Mike Zarlenga
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
