Tuesday, February 9, 2021

Error getting keypair for CA issuer: certificate is not a CA

edit file /etc/ssl/openssl.cnf


[ v3_ca ]

basicConstraints = critical,CA:TRUE

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid:always,issuer:always


generate csr with option  -extensions v3_ca 

ex. 


openssl req  \

    -x509 \

    -new \

    -nodes \

    -key private/univ-ca.key.pem \

    -sha256 \

    -days 1825 \

    -out certs/univ-ca.cert.pem \

    -subj '/C=TH/O=YOU-ORG-NAME/emailAddress=YOU_EMAIL' \

    -passin pass:$CA_PASS \

    -extensions v3_c

at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)

ALCATEL 6900

write memory copy running certified reload from working no rollback-timeout