----- Original Message -----
Sent: Monday, April 09, 2001 7:21 PM
Subject: RE: Creating a CA from a Certificate signed by Thawte.

Hi,

First check if your existing cert is allowed to act as a CA cert. Print the cert details with "openssl x509 -text -in <your cert.pem>". If your cert is not yet in PEM format, add "-inform DER" to the above. In the resulting output check for lines like these:

    X509v3 extensions:
        X509v3 Basic Constraints:
            CA:FALSE

If you find the line "CA:FALSE" (which is most likely) then your cert can only be used as a server or client cert. You then could still use it for signing if you change openssl internally to ignore this extension, but you would violate the x509 standard and every properly coded application would refuse to use the resulting certificates.

Best Regards,
Reiner.

I'm trying to sign newly created certificates with a certificate already signed by Thawte. However I'm having problems.

I've tried using the steps for creating my own CA and using sign.sh (modified for my system variables, etc), but the many (too many to list here) ways I've tried have all failed.

Can anyone help me out?

Thanks.

Using:
OpenSSL 0.9.6 24
On:
Redhat 6.2
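
The check described in the reply above, scripted as an added example that is not part of the original thread: it reads the same "openssl x509 -text" output, handles both PEM and DER input, and also reports when the Basic Constraints extension is missing altogether. The helper names ca_flag and make_sample are hypothetical, the sample certificates are constructed throwaway data, and the openssl CLI is assumed to be on PATH.

```shell
#!/bin/sh
# ca_flag FILE: print TRUE, FALSE or ABSENT for the Basic Constraints CA flag.
# (hypothetical helper name; assumes the openssl CLI is on PATH)
ca_flag() {
    # PEM files carry an armor line; anything else is read with -inform DER.
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then form=PEM; else form=DER; fi
    text=$(openssl x509 -inform "$form" -in "$1" -noout -text) || return 2
    printf '%s\n' "$text" | awk '
        /X509v3 Basic Constraints/ { seen = 1; next }  # the value is on the next line
        seen { print (($0 ~ /CA:TRUE/) ? "TRUE" : "FALSE"); found = 1; exit }
        END  { if (!found) print "ABSENT" }'
}

# make_sample DIR FLAG: write DIR/cert-FLAG.pem, a constructed self-signed
# certificate with Basic Constraints CA:FLAG (sample data for this example only).
make_sample() {
    cat > "$1/req.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = ext
[dn]
CN = constructed-sample
[ext]
basicConstraints = critical,CA:$2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/req.cnf" \
        -keyout "$1/key.pem" -out "$1/cert-$2.pem" 2>/dev/null
}
```

Call it as "ca_flag yourcert.pem"; any result other than TRUE means the certificate is not marked as a CA.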