Hello All.
I am new to using openssl, and I will probably be using it in the future, so I started to play around a bit to understand how it works. What I tried to do is create my own certification authority, create my own server certificate and then sign it with the CA. I could manage to do this without getting any errors from openssl, but when I examine the certificate (on Windows) I can clearly see that something has gone wrong:
Looking at the server certificate, if I go to the Details tab of the certificate I can clearly see the Issuer, with all the different details of the CA, but if I go to the Certification Path tab, I can see this in the status: "The issuer of this certificate could not be found." Also in the certification path, where I should see the chain of the certification, the CA is nowhere to be found, only the server certificate itself. Of course, if I add the CA as trusted, the server is still untrusted, since Windows does not recognize the server certificate as having been signed by the CA (even though we can clearly see the CA as the issuer in the Details window!)

Taking all this into account, it is quite obvious that I have messed up some step, and I hope you can help me find what is wrong. Here are the different commands that I ran to make this set of certificates:

openssl genrsa -out root.key 2048
Generates root.key as the private key of the CA

openssl req -x509 -new -nodes -key root.key -days 360 -out root.pem
Generates root.pem

openssl req -x509 -new -nodes -key root.key -days 360 -out root.der -outform der
Generates root.der

openssl genrsa -out server.key 2048
Generates server.key, as the private key of the server

openssl req -new -key server.key -out server.csr
Generates server.csr, as a sign request

openssl x509 -req -in server.csr -CA root.pem -CAkey root.key -CAcreateserial -out server.der -outform der -days 360
Generates server.der, as the final server certificate, signed by the CA.

After doing this, in theory, I install the certificate root.der into Windows and server.der should be automatically trusted, but this is not the case because it doesn't recognize root.der as the signer of server.der.

What am I doing wrong? Thank you for your time beforehand.


Best Regards/Saludos/Cordialement/Mit freundlichen Grüßen

Damian Abalo Miron
EN-ICE-SIC
Ext 79976

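The procedure described in the post, as an added example that is not part of the original message or of openssl's own documentation: a POSIX shell script that builds the CA, issues the server certificate, and then checks with openssl itself, before anything is imported into a client's trust store, that the chain verifies, that the server certificate's issuer name is the root's subject name, and that the DER copy of the root is the same certificate as the PEM file that signed the server. The DER copy is produced by converting root.pem rather than by running "req -x509" a second time, because every run of "req -x509" mints a distinct certificate (fresh serial number, validity period and signature). The script also deliberately creates such a second self-signed root from the same key and compares fingerprints, so the failure mode is visible next to the correct path. The subject names, file names and temporary directory are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post: build a private CA, issue a server
# certificate, and check the result with openssl before installing anything on a
# client. The DER copy of the root is made by converting root.pem, not by running
# "req -x509" a second time: each run of "req -x509" mints a new certificate with
# a fresh serial number, validity period and signature, so a second run produces
# a root that never issued server.pem. Subjects, file names and the working
# directory are constructed for this example.

# Create the CA key and a self-signed root certificate (PEM and DER) in $1.
make_ca() {
    dir=$1
    openssl genrsa -out "$dir/root.key" 2048 2>/dev/null || return 1
    openssl req -x509 -new -nodes -key "$dir/root.key" -days 360 \
        -subj "/CN=Example Test Root CA" -out "$dir/root.pem" 2>/dev/null || return 1
    # Same certificate, different encoding: convert, do not re-issue.
    openssl x509 -in "$dir/root.pem" -outform der -out "$dir/root.der"
}

# Create the server key, a CSR, and a certificate signed by the CA in $1.
make_server_cert() {
    dir=$1
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$dir/server.key" -subj "/CN=server.example.test" \
        -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/root.pem" \
        -CAkey "$dir/root.key" -CAcreateserial -days 360 \
        -out "$dir/server.pem" 2>/dev/null || return 1
    openssl x509 -in "$dir/server.pem" -outform der -out "$dir/server.der"
}

# Deliberately wrong: a second self-signed root from the same key and subject.
# It looks like the CA but is a different certificate and did not sign server.pem.
make_second_root() {
    dir=$1
    openssl req -x509 -new -nodes -key "$dir/root.key" -days 360 \
        -subj "/CN=Example Test Root CA" -out "$dir/root2.der" -outform der 2>/dev/null
}

# Print the SHA-256 fingerprint of certificate file $1 whose encoding is $2 (pem|der).
fingerprint() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Succeed only if file $1 (encoding $2) and file $3 (encoding $4) hold the same certificate.
same_cert() {
    [ "$(fingerprint "$1" "$2")" = "$(fingerprint "$3" "$4")" ]
}

# Succeed only if server.pem names root.pem's subject as its issuer.
issuer_matches() {
    dir=$1
    issuer=$(openssl x509 -in "$dir/server.pem" -noout -issuer | sed 's/^issuer=//')
    subject=$(openssl x509 -in "$dir/root.pem" -noout -subject | sed 's/^subject=//')
    [ -n "$issuer" ] && [ "$issuer" = "$subject" ]
}

# Succeed only if openssl can build the chain server.pem -> root.pem.
verify_chain() {
    openssl verify -CAfile "$1/root.pem" "$1/server.pem" >/dev/null 2>&1
}

main() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; return 1; }
    work=$(mktemp -d) || return 1
    make_ca "$work" && make_server_cert "$work" && make_second_root "$work" || return 1
    verify_chain "$work" && echo "server.pem verifies against root.pem"
    issuer_matches "$work" && echo "server.pem issuer == root.pem subject"
    same_cert "$work/root.pem" pem "$work/root.der" der \
        && echo "root.der is the same certificate as root.pem"
    same_cert "$work/root.pem" pem "$work/root2.der" der \
        || echo "root2.der has a different fingerprint: it is not the CA that signed server.pem"
    rm -rf "$work"
}

main
```

Every function returns success or failure rather than only printing, so the same checks can be scripted into an issuance pipeline. The two checks worth keeping are `openssl verify` and the fingerprint comparison: if root.der and root.pem do not share a fingerprint, the file being installed into the trust store is not the certificate that issued server.pem, whatever its subject name says.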