authoritykeyidentifier ?

[Richard Dykiel]

Hello,   I'm using the openssl utility to create a set of certificates. I created a root certificate. Now I'm trying to create a certifiate request for an intermediate CA (it would be signed by my root certificate).   The command I use is: openssl req -config CAconf.conf -newkey rsa:1024 -outform DER -keyout keys\key1.prk -out cert\req1.p10 -reqexts v3_ca   My config file has an extension section structured as follows:     [ v3_ca ]     subjectKeyIdentifier=hash     authorityKeyIdentifier=keyid:always,issuer:always     basicConstraints = CA:true     keyUsage = cRLSign, keyCertSign   The error I get is the following: Error Loading extension section v3_ca 265:error:22077079:X509 V3 routines:V2I_AUTHORITY_KEYID:no issuer certificate:.\ crypto\x509v3\v3_akey.c:199: 265:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:.\crypto\ x509v3\v3_conf.c:91:name=authorityKeyIdentifier, value=keyid:always,issuer:alway s   Anybody knows how I can specify the issuer certificate to use? Thanks ________________________________ Richard Dykiel, Starburst Software 150 Baker Avenue, Concord, MA 01742 http://www.starburstsoftware.com 1-800-585-3889 ext289