I beat my head against the wall all day yesterday trying to figure
this out, so it's probably time to ask for some assistance.

We have a corporate CA that we wrote in Perl that performs all its
functions by running the openssl binary. I am rewriting it in Ruby
and this time using the Ruby openssl library. The problem is that
there is something wrong with the certificates I am generating in Ruby
and I can't figure out what it is. I am using the same root keys to
sign the certificates. When I create a certificate and sign it with
Ruby, Firefox tells me the issuer is unknown, and openssl verify also
fails as follows:

openssl verify -CAfile chain.pem test.cer
test.cer: /CN=test/OU=test/O=test/ST=test/emailAddress=test/C=test
error 20 at 0 depth lookup:unable to get local issuer certificate


Interestingly enough, IE recognizes it fine and displays the
certificate chain. Certificates generated with our old CA work just
fine in both browsers and verify OK via openssl verify.

The general steps I am taking when creating a certificate are as follows:

- Get the request from Firefox (using the keygen tag).
- Create a new certificate. Set the subject and the public key (from
the request), plus any extensions.
- Sign the certificate with the root CA key.


So anyways I am at a loss as to how to debug this further.  I'd be
happy to post the certificates in question if that helps.

Chris
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
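
An added example, not part of the original post: a Ruby diagnostic that reports issuer-name chaining, the signature check, and the store verification result separately for a certificate built with the steps listed above. The CA, names, keys and helper functions are constructed for illustration; the mismatched issuer name is a constructed case, not a diagnosis of the poster's certificates.

```ruby
require "openssl"

# Build an unsigned certificate; every name and key in this file is constructed.
def skeleton(subject, issuer, pubkey, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                      # X.509 v3
  cert.serial = serial
  cert.subject = subject
  cert.issuer = issuer
  cert.public_key = pubkey
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert
end

# Throwaway self-signed root standing in for the corporate CA.
def make_ca
  key = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/O=Example Corp/CN=Example Root CA")
  cert = skeleton(name, name, key.public_key, 1)
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Steps from the post: set subject and public key, then sign with the root key.
# The issuer name is a parameter so a matching and a mismatched case can be compared.
def issue(ca_key, issuer_name)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  subject = OpenSSL::X509::Name.parse("/O=test/CN=test")
  skeleton(subject, issuer_name, leaf_key.public_key, 2)
    .sign(ca_key, OpenSSL::Digest.new("SHA256"))
end

# Report name chaining, signature validity and the store result independently.
def diagnose(cert, ca_cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  chain_ok = store.verify(cert)
  { issuer_matches: cert.issuer.cmp(ca_cert.subject).zero?,
    signature_ok: cert.verify(ca_cert.public_key),
    chain_ok: chain_ok, error: store.error, error_string: store.error_string }
end

if __FILE__ == $PROGRAM_NAME
  ca_cert, ca_key = make_ca
  p diagnose(issue(ca_key, ca_cert.subject), ca_cert)
  # Constructed mismatch: same RDNs as the CA subject, in a different order.
  p diagnose(issue(ca_key, OpenSSL::X509::Name.parse("/CN=Example Root CA/O=Example Corp")), ca_cert)
end
```

In the mismatched case the signature check still passes while the store reports error 20, because the verifier locates the issuer certificate by name before it checks any signature.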
