On Sat, Dec 18, 2004, Mike_SSL wrote: > I'm trying to create a Server-side certificate. > My o/s is Windows ME. > I'm using OpenSSL 0.9.7e (25 Oct 2004). > > The step-by-step guide I'm using is at : > http://www.eclectica.ca/howto/ssl-cert-howto.php > > > So far, I have: > > 1. Successfully created and self-signed a CA certificate (this created > cacert.pem and private\cakey.pem) > > The command I used was: > openssl req -new -x509 -extensions v3_ca -keyout private\cakey.pem -out > cacert.pem -days 3650 -config openssl.conf > > > 2. Successfully created a Certificate Signing Request (this created > key.pem and req.pem) > > The command I used was: > openssl req -new -nodes -out req.pem -config openssl.conf > > BUT! > > 3. When I try to complete the next step in the step-by-step guide, > signing the certificate, I get no error from OpenSSL but it simply > passes right by the query: "Sign the certificate? [y/n]:" and then tells > me "CERTIFICATE WILL NOT BE CERTIFIED." And there are no other error > messages displayed, so, I'm not sure how to proceed. > > > Actual dialogue from the failing Step 3. : > > D:\OpenSSL\CA>openssl ca -out cert.pem -config openssl.conf -infiles req.pem > Using configuration from openssl.conf > Loading 'screen' into random state - done > Enter pass phrase for ./private/cakey.pem: > Check that the request matches the signature > Signature ok > The Subject's Distinguished Name is as follows > organizationName :PRINTABLE:'Mike Zarlenga CA' > organizationalUnitName:PRINTABLE:'SSL Server' > localityName :PRINTABLE:'Reno' > stateOrProvinceName :PRINTABLE:'Nevada' > countryName :PRINTABLE:'US' > commonName :PRINTABLE:'ssl.mzarlenga.com' > Certificate is to be certified until Dec 18 21:50:50 2005 GMT (365 days) > Sign the certificate? [y/n]: > CERTIFICATE WILL NOT BE CERTIFIED > > > How can I diagnose and correct this problem? >
Well it normally does that if you hit 'n' to that query. Are you running the command interactively or from a script? > Is there a better guide I can use for this? > > Try the CA.pl manual page and the examples at the bottom. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
