[openssl-users] Self signed cert issue

Wouter Verhelst wouter.verhelst at fedict.be
Fri Sep 15 14:06:12 UTC 2017

On 15-09-17 15:58, Richard Olsen wrote:
> I missed putting in the email  that i created all the certs as listed
> below. SO i have the CA, Server and Client certs created. And tried to
> do the pfx file for authentication with a "Soft cert" where i'll have to
> configure later for a "hard cert" smartcard.

Okay, so what are you trying to do, then?

- If you're trying to do client-side authentication, then you need to
place your CA certificate in a file that you point to with
SSLCACertificateFile (see
for the apache 2.2 version of that configuration item). The Server
certificate can be any (and should probably be a public-trust one).
- If you're trying to authenticate your server against a private CA,
then you should import the private CA certificate into your browser
trust store. For firefox, you do that by going to Preferences ->
Advanced -> View Certificates -> Authorities -> Import..., and then
pointing to the .crt file.

Note that while it is allowed, it is absolutely not necessary that your
server certificate and client certificate are from the same CA.

Wouter Verhelst

More information about the openssl-users mailing list