On Thu, 29 Jun 2000, Schaefer,Lorrayne J. wrote:
> > Running openssl x509 -text -in on the CA certificate looks fine (CA has
> > CA:TRUE, pathlen:0 in the x509v3 basic constraints section). Would
> > appreciate any pointers.
> >
> > Sazli,
>
> Your pathlength should be set at a minimum to 1 for your CA. Pathlength of
> 0 should only be for non CA certificates (your server and client certs) as a
> zero pathlength says that the cert is not a CA (in other words, a length
> greater than zero is a CA and the greater the number the higher the app may
> have to walk up the chain to find the root). So, you need to re-create your
> CA and make the cert path length at least to 1.
>
Thanks for your help,
Sorry, I got mixed up with another CA cert. The actual CA I am using has
the following:-
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:44:31:30:32:34:30:30:31
X509v3 Subject Key Identifier:
44:31:30:32:34:30:30:31
X509v3 Basic Constraints:
CA:TRUE
2.5.29.33:
0.0....r.....r..
which has CA:TRUE, but not pathlen:0. Appreciate any more
help.. thanks. :)
--sazli
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
