[EMAIL PROTECTED] wrote:
> 
> Hi,
> 
> I've created a CA cert/key for testing but I want to be able to test a longer
> cert chain. Does anyone know what should be in the config file if I want to
> create a CA cert req which I would sign with the root CA cert? I have tried:
> 
> basicConstraints=CA:TRUE
> 
> But in runtime verification it says: "verify error:num=24:invalid CA certificate".
> 
> If anyone has an example config file which will do this I would appreciate a
> copy.
> 

You need to use the CA extensions when you sign the request for the CA
certificate. There are options to 'ca' and 'x509' that can do this.
There is also a -signca option added to the CA.pl script in 0.9.6.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
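
Added example, not part of the original thread or of OpenSSL's own scripts: a root -> intermediate -> leaf chain built twice, once with the intermediate signed without extensions and once with CA extensions supplied at signing time through `openssl x509 -req -extfile ... -extensions ...`. The file names, subject names and the section names `v3_ca` and `v3_leaf` are assumptions made for this example.

```shell
#!/bin/sh
# Build root -> intermediate -> leaf in a scratch directory and verify it.
# $1 = scratch dir; $2 = "ca_ext" to sign the intermediate with CA extensions,
# anything else to sign it with none.
# Returns 0 if the chain verifies, 1 if verification fails, 2 on setup errors.
chain_verifies() (
    mkdir -p "$1" && cd "$1" || exit 2
    # Constructed config: section names are this example's own choice.
    cat > ex.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
EOF
    # Self-signed root, marked as a CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config ex.cnf \
        -extensions v3_ca -subj "/CN=Example Root CA" \
        -keyout root.key -out root.pem 2>/dev/null || exit 2
    # Keys and requests for the intermediate CA and the leaf.
    for n in int leaf; do
        openssl req -new -newkey rsa:2048 -nodes -config ex.cnf \
            -subj "/CN=example $n" -keyout $n.key -out $n.csr 2>/dev/null || exit 2
    done
    # The CA extensions are supplied when the root signs the request.
    if [ "$2" = ca_ext ]; then ext="-extfile ex.cnf -extensions v3_ca"; else ext=""; fi
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -days 30 $ext -out int.pem 2>/dev/null || exit 2
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
        -days 30 -extfile ex.cnf -extensions v3_leaf -out leaf.pem 2>/dev/null || exit 2
    out=$(openssl verify -CAfile root.pem -untrusted int.pem leaf.pem 2>&1)
    echo "$out"
    case $out in
        *error*)  exit 1 ;;   # any reported error counts, e.g. error 24
        *": OK"*) exit 0 ;;
        *)        exit 1 ;;
    esac
)

tmp=$(mktemp -d)
chain_verifies "$tmp/plain" none || echo "intermediate without CA extensions: rejected"
chain_verifies "$tmp/ca" ca_ext  && echo "intermediate with CA extensions: chain OK"
rm -rf "$tmp"
```

The first run fails at depth 1 with the "invalid CA certificate" error quoted in the question; the second prints `leaf.pem: OK`.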
