Hello

I'm creating a self-signed x509 certificate with some extensions.
I have to set DNS and URI in subjectAltName,
keyUsage and extendedKeyUsage.

Sample: 
subjectAltName = URI:opc.tcp://FOO:4840, DNS:FOO
keyUsage = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth

If I do so I get an invalid certificate: "certificate signing authority is 
unknown or invalid"
Without the extensions the certificate is valid.

I think OpenSSL is missing some information of this extensions are present.

The questions
1.) Do I have to set basicConstraints to CA:TRUE or CA:FALSE for a self-signed 
certificate?
2.) What extension is missing or wrong so that I can get valid certificate?


-- 
mit freundlichen Grüßen / best regards
 
Gerhard Gappmeier
ascolab GmbH - automation system communication laboratory
Tel.: +49 9131 691 123
Fax: +49 9131 691 128
Web: http://www.ascolab.com
GPG-Key: http://www.ascolab.com/gpg/gg.asc
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to