Hi All's,
I'm using OpenSSL 0.9.3a 29 May 1999 under Apache/1.3.6 (Unix).
I got problem when I tried to use my own CA and to sign the CSR's
in order to create real SSL Certificates for use inside an
Apache webserver.
Please advice, thank.
Regards,
CHAR
---------
Here is my steps :
1)Create server certificate [OK]
[root@mars private]# openssl genrsa -des3 -out server.key 1024
[root@mars private]# openssl req -new -days 365 -key server.key
-out server.csr
2)Create my own CA certificate [OK]
[root@mars private]# openssl genrsa -des3 -out ca.key 1024
[root@mars private]# openssl req -new -x509 -days 365 -key ca.key
-out ca.cr
3)Use CA to sign the CSR's [FAILED]
[root@mars private]# ./sign.sh server.csr
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter PEM pass phrase:
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
countryName :PRINTABLE:'MY'
stateOrProvinceName :PRINTABLE:'Penang'
organizationName :PRINTABLE:'ABCDE Sdn. Bhd.'
organizationalUnitName:PRINTABLE:'INTRANET'
commonName :PRINTABLE:'mars.com'
Certificate is to be certified until Jul 14 10:21:34 2000 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: /C=MY/ST=Penang/O=ABCDE Sdn. Bhd./OU=INTRANET/CN=mars.com
error 7 at 0 depth lookup:certificate signature failure
begin:vcard
n:;chchar
x-mozilla-html:FALSE
adr:;;;;;;
version:2.1
email;internet:[EMAIL PROTECTED]
x-mozilla-cpt:;-7072
fn:chchar
end:vcard
