; On Thu, Jan 14, 2016 at 11:08 AM, Gareth Williams <
>
> gar...@garethwilliams.me.uk> wrote:
> > On Thursday 14 January 2016 10:59:01 Mauro Romano Trajber wrote:
> > > Could you send me the ca command line? There's any way to run it without
> > > creating
temp file which is
then used with the openssl ca command, before being deleted afterwards.
If you're interested, I can dig it out later.
>
> On Thu, Jan 14, 2016 at 6:07 AM, Gareth Williams <
>
> gar...@garethwilliams.me.uk> wrote:
> > On Wednesday 13 January 2016 16
On Wednesday 13 January 2016 16:22:10 Mauro Romano Trajber
wrote:
> In which section?
>
> On section [CA_default] I have 'copy_extensions = copy'
Is that the issue? You have copy_extensions in the CA_default
section, which is no doubt referenced to by the default_ca = ... stanza
earlier in th
Thank you both for your responses.
I changed to cross-certifying at the root and it worked as expected.
However, cross-certification doesn't have to be at the root, going by
RFC 4949's definition. Neither do any of my text books on the subject
state that it has to be at the root CA level.
N
ity (a web
server) all with a really original naming convention as follows:
Gareth Williams Root CA
Gareth Williams Policy CA
Gareth Williams Issuing CA
office.garethwilliams.me.uk (test webserver)
I've concatenated the policy CA and issuing CA certificate into a single
file, and running:
