Hello,
I am running on Centos 6.3 where it looks like Openssl is 1.0.0-25
I am creating my cert with:
openssl req -new -outform PEM -out certs/test.htt-consult.com.crt
-newkey rsa:2048 -nodes -keyout private/test.htt-consult.com.key
-keyform PEM -days 3650 -x509
This prompts me for the content of DN, going through: C, ST, L, O, OU,
CN, and emailAddress; I supply values for all except OU.
The beginning of the output from: openssl x509 -in
certs/test.htt-consult.com.crt -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ee:70:05:38:4b:d0:d4:c1
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=MI, L=Oak Park, O=HTT Consulting,
CN=test1.test.htt-consult.com/emailAddress=postmas...@test.htt-consult.com
Validity
Not Before: Dec 31 21:11:02 2012 GMT
Not After : Dec 29 21:11:02 2022 GMT
Subject: C=US, ST=MI, L=Oak Park, O=HTT Consulting,
CN=test1.test.htt-consult.com/emailAddress=postmas...@test.htt-consult.com
Note the lack of a comma after CN before emailAddress. Becuase in
/var/log/httpd/ssl_error_log I see:
[Mon Dec 31 16:11:36 2012] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Mon Dec 31 16:11:36 2012] [warn] RSA server certificate CommonName (CN)
`test1.htt-consult.com' does NOT match server name!?
[Mon Dec 31 16:11:36 2012] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Mon Dec 31 16:11:36 2012] [warn] RSA server certificate CommonName (CN)
`test1.htt-consult.com' does NOT match server name!?
All I can figure out is the problem for the CN warning is something to
do with the run together of CN and emailAddress. Where do I look to
correct this?
Separate question is the "BasicConstraints: CA == TRUE" warning. I am
trying to figure out why it I have that. I only wanted a self-signed
cert; should it have this?
Thank you
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
