Hi,
I'm doing some testing with certificates.
I want the following :
Generate a root CA.
Sign CSR's.
SOme problems :
- Even if I tell openssl to make a CA, it doesn't.
- Certificates are always signed by the one that is requesting it. I want
those to be signed by me.
Here are the command I use :
1) Generate a 1024 bit provite key :
openssl genrsa -des3 -out privkey.pem 1024
Works fine.
2) Generate a CSR
openssl req -new -key privkey.pem -out request.pem
Works, but I wonder : Isn't a public key needed ??
3) Generate a self-signed cert
openssl x509 -req -in request.pem -out cert.pem -signkey privkey.pem
-CAcreateserial
Also works, but I think that the -signkey is the problem. I suspect that
that is the cause that all certs are signed by the one thay gonne be
issued to, instead of me.
So the result is a certificate that normally is issued to person X, but is
also signed by X, and that is not what I want.
Second problem is that the root CA is not being created.
Thanks for any help.
Igmar Palsenberg
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
