Re: Problem Signing CSR.

Sat, 17 Jul 1999 18:34:00 -0700 

One possible place to look, I suggest, is the configuration files.  By
default, ca use openssl.cnf for default values.  It seems, based on the
output, the signing step is OK.  You have the cert signed and database
updated.  I suspect the verification step.

Cheers

-----Original Message-----
From: chchar <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, July 16, 1999 1:57 PM
Subject: Problem Signing CSR.


>Hi All's,
>
>I'm using OpenSSL 0.9.3a 29 May 1999 under Apache/1.3.6 (Unix).
>
>I got problem when I tried to use my own CA and to sign the CSR's
>in order to create real SSL Certificates for use inside an
>Apache webserver.
>
>Please advice, thank.
>
>Regards,
>
>  CHAR
>
>---------
>
>Here is my steps :
>
>1)Create server certificate                  [OK]
>
>  [root@mars private]# openssl genrsa -des3 -out server.key 1024
>  [root@mars private]# openssl req -new -days 365 -key server.key
>                             -out server.csr
>
>2)Create my own CA certificate               [OK]
>  [root@mars private]# openssl genrsa -des3 -out ca.key 1024
>  [root@mars private]# openssl req -new -x509 -days 365 -key ca.key
>                             -out ca.cr
>
>3)Use CA to sign the CSR's                    [FAILED]
>
>   [root@mars private]# ./sign.sh server.csr
>   CA signing: server.csr -> server.crt:
>   Using configuration from ca.config
>   Enter PEM pass phrase:
>   Check that the request matches the signature
>   Signature ok
>   The Subjects Distinguished Name is as follows
>   countryName           :PRINTABLE:'MY'
>   stateOrProvinceName   :PRINTABLE:'Penang'
>   organizationName      :PRINTABLE:'ABCDE Sdn. Bhd.'
>   organizationalUnitName:PRINTABLE:'INTRANET'
>   commonName            :PRINTABLE:'mars.com'
>   Certificate is to be certified until Jul 14 10:21:34 2000 GMT (365 days)
>   Sign the certificate? [y/n]:y
>
>   1 out of 1 certificate requests certified, commit? [y/n]y
>   Write out database with 1 new entries
>   Data Base Updated
>   CA verifying: server.crt <-> CA cert
>   server.crt: /C=MY/ST=Penang/O=ABCDE Sdn. Bhd./OU=INTRANET/CN=mars.com
>   error 7 at 0 depth lookup:certificate signature failure

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to