Hi guys,
I have tried to configure multiple level CA structure: ROOT CA ->
SIGNING CA -> Users certificates
I use RootSSL.cnf file and these commands to generate root certificate:
openssl genrsa -des3 -out root-ca.key 2048
openssl req -new -x509 -days 3650 -key root-ca.key -out root-ca.crt
-config RootSSL.cnf
In order to generate intermediate CA I use OpenSSL.cnf file and these commands:
openssl genrsa -des3 -out signing-ca.key 2048
openssl req -new -days 1095 -key signing-ca.key -out signing-ca.csr
-config openssl.cnf
openssl ca -config openssl.cnf -name CA_root -extensions v3_ca -out
signing-ca.crt -infiles signing-ca.csr
As the result I have OK root certificate, but I see error message for
signing certificate: "This certificate has an nonvalid digital
signature."
Can somebody advise me what I do wrong?
Thanks,
--
Tanya Lozovaya.
<<attachment: SigningCA_Error.png>>
RootSSL.cnf
Description: Binary data
OpenSSL.cnf
Description: Binary data
