[openssl-users] Problem verifying a certificate chain
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Nov 30 18:54:01 UTC 2017
> On Nov 30, 2017, at 2:46 AM, Pascal Withopf <pwithopf at adiscon.com> wrote:
>
> Here is serverCA.pem as a file and as text
These are, I expect, test certs and keys, so posting the keys too
is presumably not a problem...
In any case, the problem is that the CA certificate is a v1
certificate with no extensions. It needs to be a v3 certificate
with basicConstraints CA:true, and keyUsage befitting a CA.
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
92:fb:86:47:d7:eb:1f:c3
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=XX, ST=XX, L=test, O=Testorganisation, CN=Root CA
Validity
Not Before: Nov 30 07:30:13 2017 GMT
Not After : Dec 30 07:30:13 2017 GMT
Subject: C=XX, ST=XX, L=test, O=Testorganisation, CN=Server CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:ba:f3:7b:2b:e3:e6:ed:e4:ec:90:01:99:05:59:
62:94:16:eb:f0:fd:07:8e:5d:13:38:85:04:72:48:
05:48:76:c2:0b:bb:63:79:c7:49:4b:d2:33:5d:75:
6f:f2:79:c7:55:db:23:4d:b6:4a:89:82:b6:ff:aa:
1d:d2:07:1b:4d:68:c8:f5:3d:87:b6:76:05:bd:4a:
0a:79:d8:27:e0:0d:a7:a7:7b:39:13:85:7b:d3:b0:
02:cb:0e:3d:27:d9:a6:8a:a0:65:7c:a8:3a:72:73:
a9:61:af:99:39:97:e5:f7:9c:8d:3d:4a:bd:ac:af:
4a:80:31:d7:46:c7:9a:3f:65
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
aa:d0:92:67:17:00:fe:33:7f:b9:94:2c:63:6e:ce:cf:02:25:
77:d9:df:1e:89:3f:6b:fd:02:54:73:04:36:54:c1:5a:a5:35:
27:4b:9d:55:55:f1:9f:d4:72:10:9a:e0:3d:42:e2:8a:af:80:
aa:00:92:16:3d:16:49:9a:df:94:13:63:df:50:99:50:87:1e:
a0:52:5e:ec:8b:23:4c:28:e8:f8:f3:fc:10:fc:8d:72:1d:3f:
40:ac:89:42:18:d5:80:03:df:ad:24:ff:74:c3:4e:e0:de:ac:
01:7a:df:b0:62:67:1b:85:84:bd:c4:d4:89:79:41:21:46:d6:
59:06
--
Viktor.
More information about the openssl-users
mailing list