Hello I'm creating a self-signed x509 certificate with some extensions. I have to set DNS and URI in subjectAltName, keyUsage and extendedKeyUsage.
Sample: subjectAltName = URI:opc.tcp://FOO:4840, DNS:FOO keyUsage = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth, clientAuth If I do so I get an invalid certificate: "certificate signing authority is unknown or invalid" Without the extensions the certificate is valid. I think OpenSSL is missing some information of this extensions are present. The questions 1.) Do I have to set basicConstraints to CA:TRUE or CA:FALSE for a self-signed certificate? 2.) What extension is missing or wrong so that I can get valid certificate? -- mit freundlichen Grüßen / best regards Gerhard Gappmeier ascolab GmbH - automation system communication laboratory Tel.: +49 9131 691 123 Fax: +49 9131 691 128 Web: http://www.ascolab.com GPG-Key: http://www.ascolab.com/gpg/gg.asc ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]