$ openssl x509 -in serverCA.pem -noout -purpose
gave me thisCertificate purposes:
SSL client : Yes
SSL client CA : No
SSL server : Yes
SSL server CA : No
Netscape SSL server : Yes
Netscape SSL server CA : No
S/MIME signing : Yes
S/MIME signing CA : No
S/MIME encryption : Yes
S/MIME encryption CA : No
CRL signing : Yes
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No
Time Stamp signing : No
Time Stamp signing CA : No
If the purpose is incorrect how can I set it?
2017-11-29 16:48 GMT+01:00 Viktor Dukhovni <openssl-users@xxxxxxxxxxxx>:
On Wed, Nov 29, 2017 at 04:33:39PM +0100, Pascal Withopf wrote:
> Which means I have the following certificate chain:
> root.pem -> serverCA.pem -> server.pem
>
> But when I try to make a connection I see following error at the client
> side:
> Error with certificate at depth: 1
> issuer = /C=XX/ST=XX/L=test/O=Testorganisation/CN=Root CA The intermediate CA extensions are likely incorrect. Post
> subject = /C=XX/ST=XX/L=test/O=Testorganisation/CN=Server CA
> err 24:invalid CA certificate
the certificate in question.
> Did I do something wrong creating the certificates?
Likely yes.
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
