> From: owner-openssl-us...@openssl.org On Behalf Of javierm
> Sent: Tuesday, 21 July, 2009 10:02
> To: openssl-users@openssl.org
> Subject: Re: cannot create openssl master certificate on my
> Exchange2007 Server!Help needed!
>
>
> Check the man pages (man req), the -x509 option is for a self
> signed cert (root), while the -new option produces a new cert
> request (so you are asking for conflicting tasks). In this
> case no request is needed because it's the root cert.

Yes, -x509 means generate a (root) cert instead of a certreq,
but no, -new OR -newkey is still required along with -x509,
otherwise it takes and self-issues an EXISTING request.
-newkey implies -new; without -x509 it creates a request.

> Your config option is ok.
>

It doesn't look like it. The error he got was
unable to open config file ... does not exist.

> This way a root and its associated private key.
>
> openssl req -x509 -newkey rsa:1024 -keyout cakey.pem
> -out cacert.pem -days 1095
>

That's ONE way (since you have -newkey), but using a config file
(that exists and is valid!) can be more convenient.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
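
The three option combinations discussed in this thread, run side by side as an added example that is not part of the original messages. The config file demo-ca.cnf, the subject "Demo Root CA" and the output file names other than cakey.pem and cacert.pem are constructed for illustration, and the key size is rsa:2048 rather than the rsa:1024 quoted above.

```shell
#!/bin/sh
# Added example. Config, subject and most file names are constructed.
set -e
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
cnf="$work/demo-ca.cnf"

# Minimal config: prompt = no takes the subject from [ dn ] without prompting.
cat > "$cnf" <<'EOF'
[ req ]
prompt             = no
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
CN = Demo Root CA
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
EOF

# -x509 with -newkey: new key and self-signed root certificate in one step.
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -config "$cnf" \
        -keyout "$work/cakey.pem" -out "$work/cacert.pem" -days 1095 2>/dev/null
}

# -newkey without -x509: the output is a certificate request.
make_request() {
    openssl req -newkey rsa:2048 -nodes -config "$cnf" \
        -keyout "$work/reqkey.pem" -out "$work/req.pem" 2>/dev/null
}

# -x509 without -new/-newkey: self-issues the EXISTING request read via -in.
self_issue_existing() {
    openssl req -x509 -in "$work/req.pem" -key "$work/reqkey.pem" \
        -config "$cnf" -out "$work/selfissued.pem" -days 30 2>/dev/null
}

pem_type() { sed -n '1p' "$1"; }   # first PEM line names the object type

is_self_issued() {                 # true when subject DN equals issuer DN
    s=$(openssl x509 -in "$1" -noout -subject)
    i=$(openssl x509 -in "$1" -noout -issuer)
    [ "${s#subject=}" = "${i#issuer=}" ]
}

make_root
make_request
self_issue_existing
for f in cacert.pem req.pem selfissued.pem; do echo "$f: $(pem_type "$work/$f")"; done
```

Passing -config explicitly keeps the run independent of whether a default openssl.cnf exists on the machine.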