I'm trying to make a fake certificate on my SSL apache using make certificate TYPE=test. For some reason, it worked on one of my machines and fails on all the rest. The error looks like this:
STEP 3: Generating X.509 certificate signed by Snake Oil CA [server.crt]
Certificate Version (1 or 3) [3]:
Signature ok
subject=/C=XY/ST=Snake Desert/L=Snake Town/O=Snake Oil, Ltd/OU=Webserver > Team/CN=www.snakeoil.dom/[EMAIL PROTECTED]
Getting CA Private Key
Verify: matching certificate & key modulus
Verify: matching certificate signature
../conf/ssl.crt/server.crt: /C=XY/ST=Snake Desert/L=Snake Town/O=Snake Oil, Ltd/OU=Certificate Authority/CN=Snake Oil CA/[EMAIL PROTECTED]
error 10 at 1 depth lookup:certificate has expired
OK
What this error message says is that the CA certificate (Snake Oil CA) is expired.
The signature on the server certificate (www.snakeoil.dom) can therefore not be validated.
Did you check the expiration date on the CA certificate?
If it is expired you will have to make a new one (you can use the same keypair, if that seems safe enough for you, so you do not have to re-issue
all the server certificates).
Can you attach both certificates to your email?
Does this certificate look up my local IP number?
No, not to verify the certificate. But the server name has to match when you want to use it for SSL.
Regards,
Thilo
