Hi. Sorry about being off-topic. I had some, for me, un-decipherable error messages when trying to sign my own certificate. First I created my private key and certificate signing request : [ssl]# openssl genrsa -des3 -out sever.key 1024 [ssl]# openssl req -new -key server.key -out server.csr Then I created my own certificate authority: [ssl]# openssl genrsa -des3 -out ca.key 1024 Next, I created a self-signed CA certificate with my rsa key: [ssl]# openssl req -new -x509 -days 365 -key ca.key -out ca.crt Finally, I attempted to sign the ca.crt [ssl]# ./sign.sh private/server.csr
Here is the tail-end of the output : ... Certificate is to be certified until Jul 29 16:00:25 2004 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated CA verifying: private/server.crt <-> CA cert private/server.crt: /C=HK/ST=HK/O=SAYS I.T. Co. Ltd./CN=www.saysit.com.hk/[EMAIL PROTECTED] error 18 at 0 depth lookup:self signed certificate /C=HK/ST=HK/O=SAYS I.T. Co. Ltd./CN=www.saysit.com.hk/[EMAIL PROTECTED] error 7 at 0 depth lookup:certificate signature failure 2117:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100: 2117:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:396: 2117:error:0D079006:asn1 encoding routines:ASN1_verify:bad get asn1 object call:a_verify.c:109: [ssl]# OpenSSL went and created the certificates "server.crt as in httpd.conf's "SSLCertificateFile /path/to/this/server.crt" I hesitate to use it because of these error messages. Can someone see where I might have gone wrong and how to rectify that ??? TIA :( --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]