PKI newbie in need of help. When I sign a SSL cert with my CA, the certification path only lists the web server. Not my SubCA or the Windows Root CA.
I am trying to stand up a SubCa under a Windows Certificate Authority and I am having issues getting the Chain of Authority correct. I have been spinning my wheels for a while now and exhausted google(maybe I just don't know what to search for...). Can someone point me to some docs on this or help me? I generate my key # openssl genrsa -des3 -out /tmp/ca.key I generate a CSR from that key # openssl req -new -extensions v3_ca -days 3650 -key /tmp/ca.key -config openssl.cnf -out ca.csr Openssl has the following defined. [ v3_ca ] basicConstraints = CA:TRUE, pathlen:2 subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always I send the CSR off to the windows folks who sign it and send it back. They assure me they are using the SubCA Template for this. Any obvious mistakes? ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
