[openssl-users] Problem verifying a certificate chain

Pascal Withopf pwithopf at adiscon.com
Fri Dec 1 07:27:43 UTC 2017 

Yes it's only for testing so it doesn't matter.

But how do I do this?

2017-11-30 19:54 GMT+01:00 Viktor Dukhovni <openssl-users at dukhovni.org>:

>
>
> > On Nov 30, 2017, at 2:46 AM, Pascal Withopf <pwithopf at adiscon.com>
> wrote:
> >
> > Here is serverCA.pem as a file and as text
>
> These are, I expect, test certs and keys, so posting the keys too
> is presumably not a problem...
>
> In any case, the problem is that the CA certificate is a v1
> certificate with no extensions.  It needs to be a v3 certificate
> with basicConstraints CA:true, and keyUsage befitting a CA.
>
> Certificate:
>     Data:
>         Version: 1 (0x0)
>         Serial Number:
>             92:fb:86:47:d7:eb:1f:c3
>     Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C=XX, ST=XX, L=test, O=Testorganisation, CN=Root CA
>         Validity
>             Not Before: Nov 30 07:30:13 2017 GMT
>             Not After : Dec 30 07:30:13 2017 GMT
>         Subject: C=XX, ST=XX, L=test, O=Testorganisation, CN=Server CA
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 Public-Key: (1024 bit)
>                 Modulus:
>                     00:ba:f3:7b:2b:e3:e6:ed:e4:ec:90:01:99:05:59:
>                     62:94:16:eb:f0:fd:07:8e:5d:13:38:85:04:72:48:
>                     05:48:76:c2:0b:bb:63:79:c7:49:4b:d2:33:5d:75:
>                     6f:f2:79:c7:55:db:23:4d:b6:4a:89:82:b6:ff:aa:
>                     1d:d2:07:1b:4d:68:c8:f5:3d:87:b6:76:05:bd:4a:
>                     0a:79:d8:27:e0:0d:a7:a7:7b:39:13:85:7b:d3:b0:
>                     02:cb:0e:3d:27:d9:a6:8a:a0:65:7c:a8:3a:72:73:
>                     a9:61:af:99:39:97:e5:f7:9c:8d:3d:4a:bd:ac:af:
>                     4a:80:31:d7:46:c7:9a:3f:65
>                 Exponent: 65537 (0x10001)
>     Signature Algorithm: sha1WithRSAEncryption
>          aa:d0:92:67:17:00:fe:33:7f:b9:94:2c:63:6e:ce:cf:02:25:
>          77:d9:df:1e:89:3f:6b:fd:02:54:73:04:36:54:c1:5a:a5:35:
>          27:4b:9d:55:55:f1:9f:d4:72:10:9a:e0:3d:42:e2:8a:af:80:
>          aa:00:92:16:3d:16:49:9a:df:94:13:63:df:50:99:50:87:1e:
>          a0:52:5e:ec:8b:23:4c:28:e8:f8:f3:fc:10:fc:8d:72:1d:3f:
>          40:ac:89:42:18:d5:80:03:df:ad:24:ff:74:c3:4e:e0:de:ac:
>          01:7a:df:b0:62:67:1b:85:84:bd:c4:d4:89:79:41:21:46:d6:
>          59:06
>
>
> --
>         Viktor.
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171201/5f43d069/attachment.html>

More information about the openssl-users mailing list