__________________________________________________________________________
__________________________________________________________________________
dju` <[EMAIL PROTECTED]> wrote:
dju` <[EMAIL PROTECTED]> wrote:
dju` wrote:
> Hello,
>
> I need to create a CA certificates chain, starting by a self-signed CA
> certificate (ca.crt).
> I've signed the 2nd CA certificate (dju.ca.crt) using the root
> self-signed CA certificate. But when I try to sign the 3rd certificate
> (home.dju.ca.crt) using the 2nd one, I get the following error:
>
> ERROR: adding extensions in section server_cert
> 1293:error:2207707B:X509 V3 routines:V2I_AUTHORITY_KEYID:unable to get
> issuer keyid:v3_akey.c:151:
> 1293:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in
> extension:v3_conf.c:92:name=authorityKeyIdentifier, value=keyid:always
> CA verifying: dju.home.ca.crt <-> dju.ca.crt
> unable to load certificate
> 1294:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:637:Exp ecting: TRUSTED CERTIFICATE
>
> The 3rd CA certificate would be used to sign server certificates (for
> httpd, imapd...)
>
> Any help please? Thanks for feedback.
ok, i've successfully created intermediate CA certificate, but openssl
verify fails with the following error:
dju.home.ca.crt:
/C=FR/ST=France/L=Rennes/O=elegiac/OU=djuCA/CN=dju.elegiac.net/[EMAIL PROTECTED]
error 2 at 1 depth lookup:unable to get issuer certificate
any help please? thanks.
--
--dju`
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
ALL-NEW Yahoo! Messenger - all new features - even more fun!
