On Wed, Mar 16, 2005, Vu Pham wrote:

>
> Currently I have a self-signed certificate as CA root.
> I use this CA root to sign the cert B. I import CA root to my PC, and use
> cert B on the web server.
>
> The following commands are what I used :
>
> 1. To create CA root
> # openssl req -x509 -newkey rsa -out cacert.pem -outform PEM
> with OPENSSL_CONF set to my configuration file
>
> 2. To create a cert request
> # openssl req -newkey rsa:1024 -keyout pdakeypass.pem -keyform PEM -out
> pdareq.pem -outform PEM
>
> 3. To clear the passphrase in cert key
> # openssl rsa -in pdakeypass.pem -out pdakey.pem
>
> 4. To sign cert in step 2.
> # openssl ca -in pdareq.pem
>
> Then I use the two files pdareq.pem and pdakey.pem for my Apache for cert
> and its key.
> The cacert.pem in step 1 is imported to my PC.
>
>
> Are those steps correct ? I think I am missing something but do not know
> what it is.
>

Well I'd suggest that you try the OpenSSL s_server utility with the -www
option first. Connect to it using https://hostname:4433/ and see what
happens.

You could also post the certificates to the list.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
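
The following script is an added example, not written by either poster: it builds a throwaway CA and server certificate along the lines of the quoted steps, then checks each file's type, its chain to the CA and whether it matches the server's private key. The file names, the subjects and the use of `openssl x509 -req` in place of `openssl ca` are assumptions, chosen so that it runs without a CA configuration file.

```shell
#!/bin/sh
# Constructed throwaway PKI in a temp dir; all names and subjects are sample values.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_pki() {
    # Self-signed CA root, as in step 1 but non-interactive.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/cakey.pem" \
        -out "$WORK/cacert.pem" -subj "/CN=Example Test CA" -days 30 2>/dev/null &&
    # Server key and request, as in steps 2-3 (-nodes leaves the key unencrypted).
    openssl req -newkey rsa:2048 -nodes -keyout "$WORK/srvkey.pem" \
        -out "$WORK/srvreq.pem" -subj "/CN=localhost" 2>/dev/null &&
    # Sign the request; x509 -req stands in for `openssl ca` (assumption, see lead-in).
    openssl x509 -req -in "$WORK/srvreq.pem" -CA "$WORK/cacert.pem" \
        -CAkey "$WORK/cakey.pem" -CAcreateserial \
        -out "$WORK/srvcert.pem" -days 30 2>/dev/null
}

# Prints "certificate", "request" or "unknown" for a PEM file.
pem_kind() {
    if openssl x509 -in "$1" -noout 2>/dev/null; then echo certificate
    elif openssl req -in "$1" -noout 2>/dev/null; then echo request
    else echo unknown; fi
}

# True when file $2 verifies against the CA certificate $1.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# True when certificate $1 carries the public key of private key $2.
key_matches_cert() {
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# One summary line per candidate file.
report() {
    chain_ok "$WORK/cacert.pem" "$1" && chain=ok || chain=FAIL
    key_matches_cert "$1" "$WORK/srvkey.pem" && key=ok || key=FAIL
    echo "$(basename "$1"): $(pem_kind "$1") chain=$chain key=$key"
}

make_pki || exit 1
report "$WORK/srvreq.pem"
report "$WORK/srvcert.pem"
```

A file that passes all three checks can then be served for the s_server test suggested in the reply with `openssl s_server -www -cert srvcert.pem -key srvkey.pem`, which listens on port 4433 by default.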