It might be the 2048 bit DSA cert it doesn't like. Try with a 1024 bit DSA key or a 2048 bit RSA key.
Yup, that seems to be the problem, it didn't like 2048 bit DSA keys. It is happy with 1024 bit DSA keys and 2048 bit RSA keys. I'm creating the certs for an embedded security device that could easily have a >15 year life and typically won't have an internet connection, so I want to make sure that I'm using enough bits to cover the life of the device. I guess I'll go with 2048 bit RSA keys. Thanks, Clem ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]