$ openssl x509 -in serverCA.pem -noout -purpose gave me this
Certificate purposes: SSL client : Yes SSL client CA : No SSL server : Yes SSL server CA : No Netscape SSL server : Yes Netscape SSL server CA : No S/MIME signing : Yes S/MIME signing CA : No S/MIME encryption : Yes S/MIME encryption CA : No CRL signing : Yes CRL signing CA : No Any Purpose : Yes Any Purpose CA : Yes OCSP helper : Yes OCSP helper CA : No Time Stamp signing : No Time Stamp signing CA : No If the purpose is incorrect how can I set it? 2017-11-29 16:48 GMT+01:00 Viktor Dukhovni <openssl-us...@dukhovni.org>: > On Wed, Nov 29, 2017 at 04:33:39PM +0100, Pascal Withopf wrote: > > > Which means I have the following certificate chain: > > root.pem -> serverCA.pem -> server.pem > > > > But when I try to make a connection I see following error at the client > > side: > > Error with certificate at depth: 1 > > issuer = /C=XX/ST=XX/L=test/O=Testorganisation/CN=Root CA > > subject = /C=XX/ST=XX/L=test/O=Testorganisation/CN=Server CA > > err 24:invalid CA certificate > > The intermediate CA extensions are likely incorrect. Post > the certificate in question. > > > Did I do something wrong creating the certificates? > > Likely yes. > > -- > Viktor. > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
