On Tue, Sep 25, 2007, Bynum, Don wrote:
> Please send me your extensions file, CA cert/Key and the CSR you are
> using for your intermediate. I am assuming that what you have so far is
> for testing purposes. Otherwise, I would not ask for the CA key
> (obviously). Send them to me as a zip file
enssl.org
Subject: RE: intermediate CA configuration
I have given the command
openssl x509 -req -days 365 -in intermediate.csr -CA root.certkey
-CAcreateserial -out intermediate.crt -extensions usr_cert -extfile
/etc/sll/openssl.cnf
after creating the root CA, the root.certkey is having ke
I have given the command
openssl x509 -req -days 365 -in intermediate.csr -CA root.certkey
-CAcreateserial -out intermediate.crt -extensions usr_cert -extfile
/etc/sll/openssl.cnf
after creating the root CA, the root.certkey is having key and crt files.Is
this command enough for creating the i
This should be good for most purposes. Note the basicConstraints
attribute of pathlen. Unlike the root CA which has no pathlen, the
intermediate has a pathlen of 0.
###
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
crlDistributionPoints=URI:http://crl1.somedomain.com/IntCA.crl,UR
