On Tue, Nov 30, 2010, iruvopen...@hushmail.com wrote: > On Mon, 29 Nov 2010 20:05:43 +0200 "Dr. Stephen Henson" > <st...@openssl.org> wrote: > Greetings! > > I'm doing nothing funky: > $ openssl genrsa -des3 -out ca.key 4096 > $ openssl req -new -x509 -days 365 -key ca.key -out ca.crt > $ openssl genrsa -des3 -out server.key 4096 > $ openssl req -new -key server.key -out server.csr > $ openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key - > set_serial 01 -out server.crt > > Giving to every option (company name, etc.) the default value: > So for example, my server.crt's issuer line is: > Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd > and my ca.crt's subject line is: > Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd >
Well that's one problem, if your certificates have the same issuer and subject names then you'll end up with what looks like a self-signed certificate. Try giving the server certificate different values from the CA. If there were any extensions in the server certificate that wouldn't happen but the command you create the server certificate with doesn't include any and ends up creating the deprecated V1 certificate format. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
