I am facing the same issue. I want to automate adding the CA certificate to the client machine. Where can I get this CA.sh? Will it automate the client process of adding the CA certificate as a trusted one? I found CA.pl, a wrapper script by Eric. Is it the same one you are talking about?

On Fri, Jun 13, 2008 at 3:33 AM, Kyle Hamilton <[EMAIL PROTECTED]> wrote:
> Read the manpage for verify(1ssl) for information on how to get
> openssl's commandline tools to recognize a root certificate as
> 'trusted'.
>
> The same type of thing must be done in your client. The root
> certificate must be added to the list of CAs that are trusted. I'm
> not quite sure the precise API to use to do so.
>
> Also: I would recommend you look at the CA.sh shell script to handle
> things as a minimal Certifying Authority. It automates the entire
> procedure.
>
> -Kyle H
>
> On Fri, Jun 13, 2008 at 3:05 AM, lakshmi prasanna <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > Thanks for the reply.
> >
> > I have set up a CA, and generated cacert.pem and cakey.pem files. I
> > signed the rootrequest with cacert.pem and generated rootcert.pem.
> > Even then the same error is observed saying "Self signed certificate".
> > Actually I am setting up a local CA in this case.
> >
> > Can we sign the root certificate by the CA or should we sign the root
> > certificate request and then generate the root certificate from the
> > request?
> >
> > Actually, I am following the steps in the book O'Reilly's Network
> > security with Openssl to generate the certificates.
> > Can you please send me the exact steps to create a CA and generate CA
> > signed certificates?
> >
> > thanks,
> > Lakshmi Prasanna
> >
> > On Fri, Jun 13, 2008 at 2:33 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> >> Hi,
> >>
> >> The below error is obtained when no CA is set up in the machine, i.e.,
> >> cacert.pem and cakey.pem file are not present and the root certificate is
> >> not signed by the CA.
> >>
> >> "lakshmi prasanna" wrote:
> >>>
> >>> The root certificate is signed by the root key generated while creating the
> >>> certificate using command:
> >>> openssl x509 -req -in rootreq.pem -sha1 -extensions v3_ca -signkey rootkey.pem -out rootcert.pem
> >>>
> >>> -Error with certificate at depth: 2
> >>> issuer = /C=IN/ST=AP/L=HYD/O=Intoto Software (I) Pvt. Ltd/OU=Root/CN=Root Intoto/[EMAIL PROTECTED]
> >>> subject = /C=IN/ST=AP/L=HYD/O=Intoto Software (I) Pvt. Ltd/OU=Root/CN=Root Intoto/[EMAIL PROTECTED]
> >>> err 19:self signed certificate in certificate chain
> >>> SSL_connect failed
> >>> ** client.c:80 Error connecting SSL object
> >>> 16384:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:843:
> >>>
> >>> Any help regarding this...
> >>> --
> >>> thanks,
> >>> Lakshmi Prasanna
> >
> > --
> > thanks,
> > Lakshmi Prasanna
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    openssl-users@openssl.org
> > Automated List Manager                           [EMAIL PROTECTED]

--
I may be miles away... but I am just an email away.... so keep emailing...!!!
Cheers,
Rajan
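
The "err 19" failure quoted in this thread, and the step of adding the root to the trusted list, can be reproduced with the openssl command-line tools. The script below is an added example, not part of the original messages and not the CA.sh or CA.pl scripts; the working directory, the `demo.cnf` config, the certificate subjects and the `trusted` directory name are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example; every file name, subject and directory here is constructed.

make_demo_pki() {            # $1 = working directory
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Root CA (constructed)
[v3_ca]
basicConstraints = critical, CA:TRUE
EOF
    # Self-signed root: issuer and subject are the same name.
    openssl req -x509 -config "$1/demo.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 2 -keyout "$1/rootkey.pem" -out "$1/rootcert.pem" 2>/dev/null
    # Server key and request, then a server certificate issued by the root.
    openssl req -new -config "$1/demo.cnf" -subj "/CN=server.demo.invalid" \
        -newkey rsa:2048 -nodes -keyout "$1/serverkey.pem" \
        -out "$1/serverreq.pem" 2>/dev/null
    openssl x509 -req -in "$1/serverreq.pem" -sha256 -days 2 \
        -CA "$1/rootcert.pem" -CAkey "$1/rootkey.pem" -CAcreateserial \
        -out "$1/servercert.pem" 2>/dev/null
}

verify_without_trust() {     # root offered only as untrusted chain material
    openssl verify -untrusted "$1/rootcert.pem" "$1/servercert.pem" 2>&1
}

trust_root() {               # same <subject-hash>.0 naming that c_rehash produces
    mkdir -p "$1/trusted"
    h=$(openssl x509 -noout -hash -in "$1/rootcert.pem")
    cp "$1/rootcert.pem" "$1/trusted/$h.0"
}

verify_with_trust() {        # same chain, root now in the trusted directory
    openssl verify -CApath "$1/trusted" "$1/servercert.pem" 2>&1
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
verify_without_trust "$demo_dir" || echo "rejected: root is not trusted"
trust_root "$demo_dir"
verify_with_trust "$demo_dir"
```

In a client program built on the OpenSSL library, `SSL_CTX_load_verify_locations()` accepts the same kind of CA file or hashed CA directory.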