Well I figured out what's happening. The reason windows was complaining about the certificate is that the subjectkeyidentifier was getting set to the same value as authoritykeyidentifier. Firefox didn't pick up on this, but windows did. I was creating the subjectkeyidentifier before the subject was set. Now why openssl inserted the authoritykeyidentifier for the subjectkeyidentifier I'm not sure. My best guess is that it got in a state where it thought the certificate was self signed?
Chris ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
