i don't know whether the third step you did is correct. you can get the request signed by using opesssl ca utility(just like openssl req) even after that your netscape will say untrusted certificate because how will netscape know that the CA which issued the certificate to your web server is trustworthy? so you have to include the self signed certificate of your CA (which issued certificate to your web server, openssl ca utility) in trusted CA list of netscape and the it should work fine
creating a self signed certificate is possible with openssl req command actually you can do first two of your steps using one openssl req command rakesh ---- Original message ---- >Date: Tue, 10 Sep 2002 10:12:12 +0800 >From: "zhaoxd" <[EMAIL PROTECTED]> >Subject: how to generate authoritive CA >To: <[EMAIL PROTECTED]> > > hello,everybody: > > When I constructed my web station through apache,I met with some > problems. > > I made the CA Certificate by myself,and issued a server.crt for my > web server using this CA,but I found an unexpected warning happened > when I tried to connect my apache server through > MSIE&netscape.There is a warning message which says my certificate is > not issued by Trusted CA. > > I think the CA generated by myself must be have some problems.My > question is:can guys make CA by themselves? > > If so,the steps I generate my CA are: > > 1.create a RSA private key for my CA: > $openssl genrsa -des3 -out ca.key 1024 > 2.create a self-signed CA Certificate (X509 structure) with the > RSA key of the CA. > $openssl req -new -x509 -day 365 -key ca.key -out ca.crt > 3.sign the certificate of my server using sign.sh provided by > mod_ssl/pkg.contrib/ > $sign.sh server.csr > Then I got my server.crt issued by my CA Certificate. > > Is there any problems during the process I generate CA? > > Any help are appreciated!:) > zhaoxd ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]