On Wed, Oct 8, 2014 at 11:17 PM, dE <de.tec...@gmail.com> wrote: > Hi! > > I'm trying to make a certificate chain using the following commands -- > > openssl genpkey -out issuer.key -algorithm rsa > openssl genpkey -out intermediate.key -algorithm rsa > openssl req -new -key issuer.key -out issuer.csr > openssl req -new -key intermediate.key -out intermediate.csr > openssl x509 -req -days 365 -in issuer.csr -signkey issuer.key -out > issuer.pem > openssl x509 -req -days 360 -in intermediate.csr -CA issuer.pem -CAkey > issuer.key -CAcreateserial -out intermediate.pem > > After importing issuer.key to chrome/FF when I try to import > intermediate.pem, I get errors. Namely -- > > "This is not a certificate authority certificate, so it can't be imported > into the certificate authority list." from FF and "intermediate: Not a > Certification Authority" from Chrome. > > Other intermediate certificates as provided by websites work fine.
Probably because they have the proper extensions that designate them as intermediate CAs. - M ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
