On Mon, Nov 19, 2012, Erwann Abalea wrote: > You should get better CA scripts, or build your own set after > reading your openssl.cnf file and other associated documentation. > > man req > man x509 > man ca > man x509v3_config > > When I need a junk CA, I personaly use "openssl req" to create the > root, and "openssl ca" for all other certificates (intermediate CAs > or end-entities).
There is also a simple perl script that does this called CA.pl, see: http://www.openssl.org/docs/apps/CA.pl.html It includes an option to sign a CA certificate using appropriate extensions. It's fine for test CAs but for more advanced usage you need to check the relevant documentation of the utilities. This question crops up so often it is in the FAQ: http://www.openssl.org/support/faq.html#USER3 Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
