Carl-Henrik Tano wrote:

> Hi !
>
> I'm trying to add SSL to my httpserver and httpclient.
> I have tried to use openssl to create certificates and set up my own CA
> but I can't get it to work. (Only for testing)
>
> I need some hints about:
> - How to set up my own CA and create one server certificate and one
> client certificate that's signed by my CA.

    CA.sh -newca : look at openssl.cnf/ssleay.cnf for customizing what you want...

    CA.sh -newreq : a new certificate request
    CA.sh -sign : for signing the request (looks for a file called newreq.pem in the CWD and generates a file called newcert.pem)



>
> - I also want to know how to make the created certificates to work in my
>

    Have a look at apps/s_client.c and apps/s_server.c.

>
> programs. That means how to tell my applications where to
> look for my CA and what I must do to make my server get the client's
> certificate.
>
> I have tried to create certificates and use them in my programs but have
> never gotten the server to find my client certificate.
> When I have created one certificate and want to run verify I always get
> error 20 at 0 depth lookup:unable to get local issuer certificate.
> For example when I'm trying to verify one of the test certificates that
> comes with openssl I get:
> openssl>verify server.pem
> server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert
> (512 bit)
> error 20 at 0 depth lookup:unable to get local issuer certificate
>
> Have I missed something important?
>

    Try setting SSL_CERT_DIR and SSL_CERT_FILE pointing to the directory where you have the certs your CA has generated (signed), and the CA cert respectively.

>
> I'm using version 0.9.3a of openssl.
>
> /Henrik
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

Juan Pablo Rojas Jimenez
Laboratorio de Teleinformática
Dpto. de Lenguajes y Sistemas Informáticos, Facultad de Informática

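
Added example, not part of the original thread and not OpenSSL's CA.sh: it builds a throwaway test CA with plain openssl commands, signs one server and one client certificate, and shows verify failing with error 20 until the CA certificate is supplied as the trust anchor. All file, subject and function names are assumptions made for the example, and it assumes an OpenSSL 1.1.0 or later command line (for -no-CAfile and -no-CApath).

```shell
#!/bin/sh
# Throwaway test PKI: one CA, one server cert, one client cert.
# Names and paths are constructed for this example; test use only.

make_test_pki() {
    dir=$1
    mkdir -p "$dir" || return 1
    # 1. Self-signed CA certificate (the role of "CA.sh -newca").
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example Test/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # 2. For each end entity: key + request ("-newreq"), then CA signature ("-sign").
    for name in server client; do
        openssl req -newkey rsa:2048 -nodes \
            -subj "/O=Example Test/CN=test-$name" \
            -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$dir/$name.csr" -days 30 \
            -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
            -out "$dir/$name.pem" 2>/dev/null || return 1
    done
}

# No trust anchor given: verify cannot find the issuer and reports error 20.
verify_without_ca() {
    openssl verify -no-CAfile -no-CApath "$1/server.pem" 2>&1
}

# Issuing CA given explicitly: both certificates chain to it and verify OK.
verify_with_ca() {
    openssl verify -no-CApath -CAfile "$1/ca.pem" \
        "$1/server.pem" "$1/client.pem" 2>&1
}

# Run as "sh script.sh demo" to see both outcomes in a temporary directory.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    make_test_pki "$d" || exit 1
    echo "--- without CA:"; verify_without_ca "$d"
    echo "--- with CA:";    verify_with_ca "$d"
fi
```

The same ca.pem is what both programs must load as their trust store; with the command-line tools, `openssl s_server -Verify 1 -CAfile ca.pem -cert server.pem -key server.key` makes the server demand a client certificate, and `openssl s_client -CAfile ca.pem -cert client.pem -key client.key` presents one.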