Hello, I have the following problem:
I want to create a server key for a web service server (SOAP server). To access this web service I use the Internet Explorer API (WinInet). This certificate should be built from a self-signed root certificate which I've also created. Then I add this CA certificate to Internet Explorer's Certificate Manager in "Trusted Root Certification Authorities". Now all connections to the web service should be automatically accepted, right?

- They are accepted if I have created my root CA in this way:

    openssl req -new -x509 -keyout cakey.pem -out cacert.pem -days 3650

- But if I create my root CA like this:

    openssl req -new -keyout cakey.pem -out careq.pem
    openssl ca -create_serial -out cacert.pem -days 3650 -batch -keyfile cakey.pem -selfsign -infiles careq.pem

  Here all certificates built from this CA were automatically rejected by Internet Explorer if I add the root CA to "Trusted Root Certification Authorities".

Can anybody tell me what's the difference between these certificate creation methods? In the OpenSSL HOWTO certificates.txt it is stated that the first way should only be used for test certificates. It may not be the recommended way to create a root CA. The reason should be described in a file "ca.txt", but I cannot find such documentation.

Thanks a lot, I hope you can help me so I can understand this.

Regards,
Chris
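
One way to compare what the two methods in the post put into the root certificate, as an added example that is not part of the original message or of the OpenSSL documentation: it builds a root both ways in a scratch directory and prints each certificate's basicConstraints CA flag. The config file, the names cacert1.pem and cacert2.pem, and the -nodes flag are assumptions made for the demo; the config mirrors the section layout of the stock openssl.cnf, and whether the poster's configuration matched it is not known from the post.

```shell
# Added example. demo.cnf is constructed; like the stock openssl.cnf, [req] takes
# its extensions from v3_ca and [CA_default] from usr_cert. -nodes avoids prompts.

ca_flag() {   # print the basicConstraints CA flag of a PEM certificate
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Basic Constraints' | grep -o 'CA:[A-Z]*'
}

make_roots() (   # build a root both ways inside directory $1
    cd "$1" && mkdir newcerts && : > index.txt || exit 1
    cat > demo.cnf <<'EOF'
[ req ]
default_bits = 2048
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
CN = Constructed Demo Root
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = CA_default
[ CA_default ]
new_certs_dir = ./newcerts
database = ./index.txt
serial = ./serial
default_md = sha256
policy = pol
x509_extensions = usr_cert
[ pol ]
commonName = supplied
[ usr_cert ]
basicConstraints = CA:FALSE
EOF
    # Way 1 from the post: req -x509 self-signs using the [req] extensions.
    openssl req -config demo.cnf -new -x509 -nodes -keyout cakey1.pem \
        -out cacert1.pem -days 3650 2>/dev/null &&
    # Way 2 from the post: CSR first, then "ca -selfsign" using [CA_default].
    openssl req -config demo.cnf -new -nodes -keyout cakey2.pem \
        -out careq.pem 2>/dev/null &&
    openssl ca -config demo.cnf -create_serial -out cacert2.pem -days 3650 \
        -batch -keyfile cakey2.pem -selfsign -infiles careq.pem 2>/dev/null
)

work=$(mktemp -d) && make_roots "$work" || exit 1
echo "req -x509:    $(ca_flag "$work/cacert1.pem")"
echo "ca -selfsign: $(ca_flag "$work/cacert2.pem")"
```

Running `ca_flag` on your own cacert.pem from each method shows whether the same split applies to your configuration; if the `openssl ca` result reports CA:FALSE, passing `-extensions v3_ca` to `openssl ca` selects the CA extension section instead.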