Thanks Dave. Probably i have not understood the things properly.
After surfing through Google i got confused. Actually I am doing TLS Client Testing which authenticate the Server(www.https.com in my example). Steps I followed to achieve this: 1) Created a Self signed Certificate where Issuer & Subject are having Same CN i.e. www.https.com 2) Then i import Server.pem file on TLS Client and same at Server also. Here are the Openssl Commands to generate Self-Signed-Certificate. openssl genrsa -des3 -out server.key 1024 openssl req -new -key server.key -out server.csr openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt Question here is : Can we create "Certficate Hirearchy" ? Like ROOT( Issuer=X & Subect=X) --- > SubCA(Issuer=X & Subect=Y) Please help me in generating this hierarchies . Thanks in advance . -Best Regards, Rout Dave Thompson-5 wrote: > >> From: owner-openssl-us...@openssl.org On Behalf Of Mr.Rout >> Sent: Monday, 31 October, 2011 13:43 > >> I am newbie to Openssl. I am confused about Chained ROOT >> certificates? >> Could someone please guide me the step by step approach for generating >> Chained ROOT certificate? >> >> e.g. My Server name is "www.https.com ( I successfully >> generated Self-signed >> SSL certificate where i put CN=www.https.com ) >> >> But wondering how would i able to generate ROOT certificate ? >> >> Awaiting for a nice reply with lucid explanation. >> > You'll have to ask a lucid question first. > > Root certificates aren't chained; if they were they wouldn't be roots. > A self-signed certificate is its own root; it never chains to anything. > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > -- View this message in context: http://old.nabble.com/Help-in-Generating-Chained-ROOT-Certificate-tp32753985p32770603.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
