What is the proper syntax to generate a certificate request.

Tue, 27 Jan 2009 02:46:45 -0800 

Hello list,
I am trying to imort a .der server cert into my Fedora directory
services certificate store.
I used the openssl utility to create the csr below.

openssl genrsa -des3 -out server.key 4096
openssl req -new  -key c00lsldap.key -out server.csr

I am using certutil to import the cert. 
Certutil -A -d . -n "server-cert" -t "u,u,u" -i /tmp/server.der

The cert does import, but the cert shows as having a broken chain. It
also shows as being a CA cert when it is supposed to be a regular server
certificate for ssl communications.
And, it shows as having no "Certificate Trust Flags". It should have 
 Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User 

Is there something I am doing wrong?  Did I generate the csr wrong. I
thought surely it was the CA that decides the trust flags.
Any help is appreciated.

Thank you
James

CONFIDENTIALITY
This e-mail message and any attachments thereto, is intended only for use by 
the addressee(s) named herein and may contain legally privileged and/or 
confidential information. If you are not the intended recipient of this e-mail 
message, you are hereby notified that any dissemination, distribution or 
copying of this e-mail message, and any attachments thereto, is strictly 
prohibited.  If you have received this e-mail message in error, please 
immediately notify the sender and permanently delete the original and any 
copies of this email and any prints thereof.
ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS NOT 
INTENDED AS A SUBSTITUTE FOR A WRITING.  Notwithstanding the Uniform Electronic 
Transactions Act or the applicability of any other law of similar substance and 
effect, absent an express statement to the contrary hereinabove, this e-mail 
message its contents, and any attachments hereto are not intended to represent 
an offer or acceptance to enter into a contract and are not otherwise intended 
to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or 
any other person or entity.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to