So the documentation on generating a self signed cert  is not correct. 

Isn't the key generated in that document technically the root CA?‎ 

  Original Message  
From: Tomasz Sterna
Sent: Tuesday, May 3, 2016 5:12 AM
To: jabberd2@lists.xiaoka.com
Reply To: jabberd2@lists.xiaoka.com
Subject: Re: self signed cert

W dniu 03.05.2016, wto o godzinie 02∶12 -0700, użytkownik
li...@lazygranch.com napisał:
> How exactly do I specify the cachain for a self signed cert.

You need to put your root CA used to sign the cert to the CA certs
store specified in 'cachain' option.

This is to encourage deployments to stop using self-signed certs, of
questionable security, and instead get a real cert.
You can get real, widely accepted certs for free.


> I get openssl error 18 meaning it can't be verified. Setting
> verify-mode='0' didn't help.

verify-mode sets how should the server verify client provided
certificates. 0 (SSL_VERIFY_NONE[1]) is the default.



[1] https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_verify.html

-- 
/o__ 
(_<^' I respect faith, but doubt is what gives you an education.



Reply via email to