Hey there, I am realy new in ssl, so perhaps this Question is stupid, but perhaps I am getting an answer: Normaly first I have to create a CSR-Key : ----with this command cd /usr/local/ssl/certs /usr/local/ssl/bin/openssl req -new -x509 -days 365 -key server.key -out server.csr Ok, now I have my CSR. This one can bee send to verisign,etc to get my ca or I can make my own ca, with the following command: cd /usr/local/ssl/certs /usr/local/ssl/bin/openssl req -new -x509 -days 365 -key server.csr -out server.ca But now I get an Error-Message: Why ????? When I buils my CSR with: openssl req -new -x509 -nodes -out server.csr -keyout server.csr -days 365 then : ln -s server.csr '/usr/local/ssl/bin/x509 -noout -hash < server.csr'.0 then the CA: openssl req -new -x509 -days 365 -key server.csr -out server.ca Now everything is OK !!! I cannot understand the difference ! What and how is the best (and simple) way for building an CSR and a CA ! I hopefully waiting for an answer with examples ! Thanx Thomas ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]