guys: i ahve a question regarding how to implement /use a private ca with openssl. the follow is what i have done:
1. generate ca private key and ca certificate $ openssl genrsa -out cakey.pem 1024 $ openssl req -new -key cakey.pem -out cacert_req.pem $ openssl x509 -req -days 300 -in cacert_req.pem -signkey cakey.pem -out cacert.pem my intention here is to get the ca private key (cakey.pem) and ca certificate (cacert.pem). i am assuming ca certificate is self signed 2. generate ssl private ket and sign its corresponding public key with ca's private key $ openssl genrsa -out ssl_key.pem 1024 $ openssl req -new -key ssl_key.pem -out sslcert_req.pem $ openssl x509 -req -days 200 -in sslcert_req.pem -signkey cakey.pem -out ssl_cert.pem my intention here is to get the rsa private key (ssl_key.pem) and its corresponding certificate signed by ca (ssl_cert.pem) however, when i tried to use these three keys (ssl_key.pem, ssl_cert.pem, cacert.pem) to start a ssl server. i got the following error: $ openssl s_server -accept 1500 -cert ssl_cert.pem -key ssl_key.pem -CAfile cacert.pem -debug -state Using default temp DH parameters unable to get private key from "ssl_key.pem" 14841:error:0B080074:x509:certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:279: obviously, i did something wrong in the process. is the way i create/use private ca wrong? anybody here has quick ideas what is going on? thanks in advance. chong peng ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
