Sorry to have so many questions ...
I create a certificate request. I sign it with
openssl.exe ca -in MYNOTEBOOK_server.req.pem -config CMC_root_config.cnf
-out MYNOTEBOOK_server.pem -verbose -cert CMC_root.pem -keyfile
CMC_root.key.pem
OpenSSL reports
<snip>
Everything appears to be ok, creating and signing the certificate
Successfully added extensions from config
Certificate is to be certified until Aug 20 18:13:39 2013 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
writing new certificates
writing C:/Users/Charles/Documents/CorreLog/Certificates/01.pem
Data Base Updated
<snip>
It also writes MYNOTEBOOK_server.pem which compares equal to 01.pem.
I then start s_server with
openssl.exe s_server -accept 6514 -cert MYNOTEBOOK_server.pem -key
MYNOTEBOOK_server.key.pem -state -debug
and it runs with no obvious errors.
I then run s_client with
openssl.exe s_client -connect localhost:6514 -CAfile CMC_root.cert.pem
-showcerts -prexit -no_ssl2 -cipher ALL:@STRENGTH -state <
OpenSSLclient_data.txt
And it twice reports
Verify return code: 18 (self signed certificate)
Why?
If I display the certificate with -text I don't see "CMC_root" in there
anywhere. How does the
Charles
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
