[Question] Root CA + Internet Explorer Certificate Manager - Openssl

Hello,
I have the following problem:
I want to create a server key for a web-Service-Server (Soap-Server). To access this web service I use the Internet Explorer API (WinInet). This certificate should be built from a Self-Signed-Root-Certificate which I've also created. Then I add this CA-certificate to Internet Explorer's Certificate Manager in "Trusted Root Certification Authorities". Now all connections to the web service should be automatically accepted, right?
- They are accepted if I have created my Root CA in this way:
openssl req -new -x509 -keyout cakey.pem -out cacert.pem -days 3650
- But if I create my Root CA like this:
openssl req -new -keyout cakey.pem -out careq.pem
openssl ca -create_serial -out cacert.pem -days 3650 -batch -keyfile cakey.pem -selfsign -infiles careq.pem
Here all certificates built from this CA were automatically rejected by Internet Explorer if I add the Root-CA to "Trusted Root Certificate Authorities".
Can anybody tell me what's the difference between this certificate creation
In the OpenSSL-Howto certificates.txt it is listed that the first way should only be used for test certificates. It may not be the recommended way to create a root CA. The reason should be described in a file "ca.txt", but I do not find such documentation.
Thanks a lot, I hope you can help me so I can understand this.
OpenSSL Project http://www.openssl.org
User Support Mailing List firstname.lastname@example.org
Automated List Manager email@example.com
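
A check for the two root certificates described in the post, as an added example that is not part of the original message or of the OpenSSL documentation: it builds the root both ways and reports each certificate's basicConstraints CA flag. The `ca.cnf` contents, the `-nodes` flag and the third build with `-extensions v3_ca` are assumptions of this example; the config copies only the extension wiring of a stock `openssl.cnf`, which the poster may not have used.

```shell
# Added example. ca.cnf is constructed here; it copies only the extension wiring
# of a stock openssl.cnf (assumption): [req] -> v3_ca, [CA_default] -> usr_cert.
write_cnf() {                       # $1 = scratch directory
  cat > "$1/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[ dn ]
CN = Example Root CA
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $1/index.txt
serial = $1/serial
new_certs_dir = $1
default_md = sha256
unique_subject = no
policy = policy_any
x509_extensions = usr_cert
[ policy_any ]
commonName = supplied
[ usr_cert ]
basicConstraints = CA:FALSE
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  : > "$1/index.txt"
}
build_roots() {                     # $1 = scratch directory; -nodes skips the passphrase prompt
  write_cnf "$1" || return 1
  # Way 1 from the post: req -x509 takes x509_extensions from [req].
  openssl req -new -x509 -nodes -config "$1/ca.cnf" \
    -keyout "$1/cakey1.pem" -out "$1/cacert1.pem" -days 3650 || return 1
  # Way 2 from the post: ca -selfsign takes x509_extensions from [CA_default].
  openssl req -new -nodes -config "$1/ca.cnf" \
    -keyout "$1/cakey2.pem" -out "$1/careq.pem" || return 1
  openssl ca -config "$1/ca.cnf" -create_serial -out "$1/cacert2.pem" -days 3650 \
    -batch -keyfile "$1/cakey2.pem" -selfsign -infiles "$1/careq.pem" || return 1
  # Way 2 again, naming the CA extension section explicitly.
  openssl ca -config "$1/ca.cnf" -out "$1/cacert3.pem" -days 3650 -batch \
    -keyfile "$1/cakey2.pem" -selfsign -extensions v3_ca -infiles "$1/careq.pem"
}
ca_flag() {                         # prints CA:TRUE, CA:FALSE, or absent
  openssl x509 -in "$1" -noout -text | grep -oE 'CA:(TRUE|FALSE)' || echo absent
}
d=$(mktemp -d) && build_roots "$d" >/dev/null 2>&1
for n in 1 2 3; do echo "cacert$n.pem: $(ca_flag "$d/cacert$n.pem")"; done
```

Running `ca_flag` on the poster's own `cacert.pem` from each method shows whether the rejected root was issued as a CA certificate at all.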