On Wed, February 6, 2013 23:47, Thomas Koeller wrote: > bash-4.0$ openssl verify -x509_strict -CAfile cacert/root_ca.pem -purpose > sslserver cacert/host_ca.pem > cacert/host_ca.pem: C = DE, ST = Hamburg, O = K\C3\B6ller Family, OU = > K\C3\B6ller Family Certification Authority, CN = K\C3\B6ller Family > Host Signing Certificate > error 26 at 0 depth lookup:unsupported certificate purpose > OK > > Can anybody tell why I am getting this error, and what I should do about > it?
I think this is correct, you tested your CA intermediate certificate ... because of this: > SSL server : No > SSL server CA : Yes I get the same with my CA by the way, your CA certificates have a very long validity, which key length did you use? openssl verify -x509_strict -CAfile concatCA.pem -purpose sslserver ssl.pem concatCA.pem is just this ( cat cacert/root_ca.pem; cat cacert/host_ca.pem ) > concatCA.pem ssl.pem is signed with the intermediate cert cacert/host_ca.pem and is used for your Webserver ... will give you just ok. Walter ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
