Hi Dirk,

Thanks for your post. You seem to be so knowledgeable! I tried your commands, but I am not able to verify with "openssl verify". Could you please help? Following is the command sequence:

root@dev12042:~/cert# openssl genrsa -out ca.key 1024
Generating RSA private key, 1024 bit long modulus
...........................................++++++
............++++++
e is 65537 (0x10001)
root@dev12042:~/cert# openssl req -new -x509 -key ca.key -out ca.crt -days 3650 -subj /CN=MyRoot
root@dev12042:~/cert# openssl genrsa -out ca-int.key 1024
Generating RSA private key, 1024 bit long modulus
...........................++++++
..............++++++
e is 65537 (0x10001)
root@dev12042:~/cert# openssl req -new -key ca-int.key -out ca-int.csr -subj /CN=intermediate
root@dev12042:~/cert# openssl x509 -req -days 3650 -in ca-int.csr -CA ca.crt -CAkey ca.key -out ca-int.crt -set_serial 01
Signature ok
subject=/CN=intermediate
Getting CA Private Key
root@dev12042:~/cert# openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.............++++++
.........++++++
e is 65537 (0x10001)
root@dev12042:~/cert# openssl req -new -key server.key -out server.csr -subj /CN=server
root@dev12042:~/cert# openssl x509 -req -in server.csr -CA ca-int.crt -CAkey ca-int.key -out server.crt -set_serial 01
Signature ok
subject=/CN=server
Getting CA Private Key
root@dev12042:~/cert# openssl verify -CAfile ca.crt ca-int.crt server.crt
ca-int.crt: OK
server.crt: CN = server
error 20 at 0 depth lookup:unable to get local issuer certificate

Thanks so much!
Sherry
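
An added example, not part of the original post: it rebuilds the same root, intermediate and server chain in a scratch directory and shows that `openssl verify` checks each certificate named on the command line as a separate target, so the intermediate has to be supplied with `-untrusted` for server.crt to chain to the root. The 2048-bit keys, the `int.ext` extension file that marks the intermediate as a CA, and the helper names `build_chain` and `leaf_ok` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: 2048-bit keys,
# a scratch directory, and the hypothetical helpers build_chain / leaf_ok.

build_chain() {   # $1 = directory to create the chain in
    (
        cd "$1" || exit 1
        # Root CA, self-signed, as in the post.
        openssl genrsa -out ca.key 2048 2>/dev/null
        openssl req -new -x509 -key ca.key -out ca.crt -days 3650 -subj /CN=MyRoot
        # Intermediate, issued by the root with CA:TRUE so that it is
        # accepted as an issuer (the post's command sets no extensions).
        printf '[v3_int]\nbasicConstraints=critical,CA:TRUE\n' > int.ext
        openssl genrsa -out ca-int.key 2048 2>/dev/null
        openssl req -new -key ca-int.key -out ca-int.csr -subj /CN=intermediate
        openssl x509 -req -days 3650 -in ca-int.csr -CA ca.crt -CAkey ca.key \
            -out ca-int.crt -set_serial 01 -extfile int.ext -extensions v3_int 2>/dev/null
        # Server certificate, issued by the intermediate.
        openssl genrsa -out server.key 2048 2>/dev/null
        openssl req -new -key server.key -out server.csr -subj /CN=server
        openssl x509 -req -days 365 -in server.csr -CA ca-int.crt -CAkey ca-int.key \
            -out server.crt -set_serial 01 2>/dev/null
    )
}

# Succeeds only if "openssl verify" reports OK for server.crt.
# $1 = chain directory; any further arguments are passed to "openssl verify".
leaf_ok() {
    dir=$1; shift
    openssl verify -CAfile "$dir/ca.crt" "$@" "$dir/server.crt" 2>&1 | grep -q ': OK$'
}

work=$(mktemp -d)
build_chain "$work"

# Only the root is known: the issuer of server.crt cannot be found (error 20).
leaf_ok "$work" || echo "root only: verification fails"

# Intermediate supplied as an untrusted chain certificate: the path
# server -> intermediate -> MyRoot is built and checked up to the trusted root.
leaf_ok "$work" -untrusted "$work/ca-int.crt" && echo "with -untrusted: OK"
```

Certificates passed with `-untrusted` are used only to build the path; trust still comes solely from the file given to `-CAfile`.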