how to generate an authoritive CA Certificate?

This is a multi-part message in MIME format.

------=_NextPart_000_00A3_01C258D3.10D2A820
Content-Type: text/plain;
charset="gb2312"
Content-Transfer-Encoding: base64

aGVsbG8sZXZlcnlib2R5Og0KDQogR2xhZCB0byB0YWxrIHRvIHlvdSENCiBJ IGhhcHBlbiB0byBi
ZSBhIGxlYXJuZXIsc28saWYgSSBoYXZlIHNvbWUgcHJvYmxlbXMgbGV0IHlv dSBmZWVsIGJhZCxw
YXRpZW50IHRvIG1lLHBsZWFzZSENCg0KICBXaGVuIEkgY29uc3RydWN0ZWQg bXkgd2ViIHN0YXRp
b24gdGhyb3VnaCBhcGFjaGUsSSBtZXQgd2l0aCBzb21lIHByb2JsZW1zIQ0K ICANCiAgSSBtYWRl
IHRoZSBDQSBDZXJ0aWZpY2F0ZSBieSBteXNlbGYsYW5kIGlzc3VlZCBhIHNl cnZlci5jcnQgZm9y
IG15IHdlYiBzZXJ2ZXIgdXNpbmcgdGhpcyBDQSxidXQgSSBmb3VuZCBhbiB1 bmV4cGVjdGVkIHdh
cm5pbmcgaGFwcGVuZWQgd2hlbiBJIHRyaWVkIHRvIGNvbm5lY3QgbXkgYXBh Y2hlIHNlcnZlciB0
aHJvdWdoIE1TSUUmbmV0c2NhcGUuVGhlcmUgaXMgYSB3YXJuaW5nIG1lc3Nh Z2Ugd2hpY2ggc2F5
cyBteSBjZXJ0aWZpY2F0ZSBpcyBub3QgaXNzdWVkIGJ5IFRydXN0ZWQgQ0Eu DQoNCiAgSSB0aGlu
ayB0aGUgQ0EgZ2VuZXJhdGVkIGJ5IG15c2VsZiBtdXN0IGJlIGhhdmUgc29t ZSBwcm9ibGVtcy5N
eSBxdWVzdGlvbiBpczpjYW4gZ3V5cyBtYWtlIENBIGJ5IHRoZW1zZWx2ZXM/ DQoNCiAgSWYgc28s
dGhlIHN0ZXBzIEkgZ2VuZXJhdGUgbXkgQ0EgYXJlOg0KDQogICAgMS5jcmVh dGUgYSBSU0EgcHJp
dmF0ZSBrZXkgZm9yIG15IENBOg0KICAgICAgICAkb3BlbnNzbCBnZW5yc2Eg LWRlczMgLW91dCBj
YS5rZXkgMTAyNA0KICAgIDIuY3JlYXRlIGEgc2VsZi1zaWduZWQgQ0EgQ2Vy dGlmaWNhdGUgKFg1
MDkgc3RydWN0dXJlKSB3aXRoIHRoZSBSU0Ega2V5IG9mIHRoZSBDQS4NCiAg ICAgICAgJG9wZW5z
c2wgcmVxIC1uZXcgLXg1MDkgLWRheSAzNjUgLWtleSBjYS5rZXkgLW91dCBj YS5jcnQNCiAgICAz
LnNpZ24gdGhlIGNlcnRpZmljYXRlIG9mIG15IHNlcnZlciB1c2luZyBzaWdu LnNoIHByb3ZpZGVk
IGJ5IG1vZF9zc2wvcGtnLmNvbnRyaWIvDQogICAgICAgICRzaWduLnNoIHNl cnZlci5jc3INCiAg
ICBUaGVuIEkgZ290IG15IHNlcnZlci5jcnQgaXNzdWVkIGJ5IG15IENBIENl cnRpZmljYXRlLg0K
ICAgIA0KICAgSXMgdGhlcmUgYW55IHByb2JsZW1zIGR1cmluZyB0aGUgcHJv Y2VzcyBJIGdlbmVy
YXRlIENBPw0KDQpBbnkgaGVscCBhcmUgYXBwcmVjaWF0ZWQhOikNCiAgICAg ICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICB6aGFveGQNCg==

------=_NextPart_000_00A3_01C258D3.10D2A820
Content-Type: text/html;
charset="gb2312"
Content-Transfer-Encoding: base64

PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBU cmFuc2l0aW9uYWwv
L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgaHR0cC1lcXVpdj1Db250ZW50 LVR5cGUgY29udGVu
dD0idGV4dC9odG1sOyBjaGFyc2V0PWdiMjMxMiI+DQo8TUVUQSBjb250ZW50 PSJNU0hUTUwgNi4w
MC4yNzEyLjMwMCIgbmFtZT1HRU5FUkFUT1I+DQo8U1RZTEU+PC9TVFlMRT4N CjwvSEVBRD4NCjxC
T0RZIGJnQ29sb3I9I2ZmZmZmZj4NCjxESVY+PEZPTlQgZmFjZT0iJ1ZlcmRh bmEnLCBHZW5ldmEs
IE1TIHNhbnMtc2VyaWYiIGNvbG9yPSM0NDg1OTMgc2l6ZT0tMT4NCjxESVY+ PEZPTlQgZmFjZT0i
J1ZlcmRhbmEnLCBHZW5ldmEsIE1TIHNhbnMtc2VyaWYiIGNvbG9yPSM0NDg1 OTMgDQpzaXplPS0x
PmhlbGxvLGV2ZXJ5Ym9keTo8L0ZPTlQ+PC9ESVY+DQo8RElWPiZuYnNwOzwv RElWPg0KPERJVj4m
bmJzcDtHbGFkIHRvIHRhbGsgdG8geW91ITxCUj4mbmJzcDtJIGhhcHBlbiB0 byBiZSBhIGxlYXJu
ZXIsc28saWYgSSBoYXZlIA0Kc29tZSBwcm9ibGVtcyBsZXQgeW91IGZlZWwg YmFkLHBhdGllbnQg
dG8gbWUscGxlYXNlITwvRElWPg0KPERJVj48Rk9OVCBmYWNlPVZlcmRhbmEg Y29sb3I9IzQ0ODU5
MyBzaXplPTI+PC9GT05UPiZuYnNwOzwvRElWPg0KPERJVj48Rk9OVCBzaXpl PTI+Jm5ic3A7Jm5i
c3A7V2hlbiBJIGNvbnN0cnVjdGVkIG15IHdlYiBzdGF0aW9uIHRocm91Z2gg YXBhY2hlLEkgDQpt
ZXQgd2l0aCBzb21lIHByb2JsZW1zITwvRk9OVD48L0RJVj4NCjxESVY+PEZP TlQgc2l6ZT0yPiZu
YnNwOyZuYnNwOzwvRk9OVD48L0RJVj4NCjxESVY+PEZPTlQgc2l6ZT0yPiZu YnNwOyBJIG1hZGUg
dGhlJm5ic3A7Q0EgQ2VydGlmaWNhdGUgYnkgbXlzZWxmLGFuZCBpc3N1ZWQg YSANCnNlcnZlci5j
cnQmbmJzcDtmb3IgbXkgd2ViIHNlcnZlciB1c2luZyB0aGlzIENBLGJ1dCBJ IGZvdW5kJm5ic3A7
YW4gdW5leHBlY3RlZCANCndhcm5pbmcgaGFwcGVuZWQgd2hlbiBJIHRyaWVk IHRvIGNvbm5lY3Qg
bXkgYXBhY2hlIHNlcnZlciB0aHJvdWdoIA0KTVNJRSZhbXA7bmV0c2NhcGUu VGhlcmUmbmJzcDtp
cyBhIHdhcm5pbmcgbWVzc2FnZSB3aGljaCBzYXlzIG15IGNlcnRpZmljYXRl IGlzIA0Kbm90IGlz
c3VlZCBieSBUcnVzdGVkIENBLjwvRk9OVD48L0RJVj4NCjxESVY+PEZPTlQg c2l6ZT0yPjwvRk9O
VD4mbmJzcDs8L0RJVj4NCjxESVY+PEZPTlQgc2l6ZT0yPiZuYnNwOyZuYnNw O0kgdGhpbmsmbmJz
cDt0aGUgQ0EmbmJzcDtnZW5lcmF0ZWQgYnkgDQpteXNlbGYmbmJzcDttdXN0 IGJlIGhhdmUgc29t
ZSBwcm9ibGVtcy5NeSBxdWVzdGlvbiBpczpjYW4mbmJzcDtndXlzIG1ha2Ug Q0EgYnkgDQp0aGVt
c2VsdmVzPzwvRk9OVD48L0RJVj4NCjxESVY+PEZPTlQgc2l6ZT0yPjwvRk9O VD4mbmJzcDs8L0RJ
Vj4NCjxESVY+PEZPTlQgc2l6ZT0yPiZuYnNwOyZuYnNwO0lmIHNvLHQ8L0ZP TlQ+PEZPTlQgc2l6
ZT0yPmhlIHN0ZXBzIEkgZ2VuZXJhdGUgbXkgDQpDQSBhcmU6PC9GT05UPjwv RElWPg0KPERJVj48
Rk9OVCBzaXplPTI+PC9GT05UPiZuYnNwOzwvRElWPg0KPERJVj48Rk9OVCBz aXplPTI+Jm5ic3A7
Jm5ic3A7Jm5ic3A7IDEuY3JlYXRlIGEgUlNBIHByaXZhdGUga2V5IGZvciBt eSANCkNBOjwvRk9O
VD48L0RJVj4NCjxESVY+PEZPTlQgc2l6ZT0yPiZuYnNwOyZuYnNwOyZuYnNw OyAmbmJzcDsmbmJz
cDsmbmJzcDsgJG9wZW5zc2wgZ2VucnNhIC1kZXMzIA0KLW91dCBjYS5rZXkg MTAyNDwvRk9OVD48
L0RJVj4NCjxESVY+PEZPTlQgc2l6ZT0yPiZuYnNwOyZuYnNwOyZuYnNwOyAy LmNyZWF0ZSBhIHNl
bGYtc2lnbmVkIENBIENlcnRpZmljYXRlIChYNTA5IA0Kc3RydWN0dXJlKSB3 aXRoIHRoZSBSU0Eg
a2V5IG9mIHRoZSBDQS48L0ZPTlQ+PC9ESVY+DQo8RElWPjxGT05UIHNpemU9 Mj4mbmJzcDsmbmJz
cDsmbmJzcDsgJm5ic3A7Jm5ic3A7Jm5ic3A7ICRvcGVuc3NsIHJlcSAtbmV3 IC14NTA5IA0KLWRh
eSAzNjUgLWtleSBjYS5rZXkgLW91dCBjYS5jcnQ8L0ZPTlQ+PC9ESVY+DQo8 RElWPjxGT05UIHNp
emU9Mj4mbmJzcDsmbmJzcDsmbmJzcDsgMy5zaWduIHRoZSBjZXJ0aWZpY2F0 ZSBvZiBteSBzZXJ2
ZXIgdXNpbmcgDQpzaWduLnNoIHByb3ZpZGVkIGJ5IG1vZF9zc2wvcGtnLmNv bnRyaWIvPC9GT05U
PjwvRElWPg0KPERJVj48Rk9OVCBzaXplPTI+Jm5ic3A7Jm5ic3A7Jm5ic3A7 ICZuYnNwOyZuYnNw
OyZuYnNwOyAkc2lnbi5zaCANCnNlcnZlci5jc3I8L0ZPTlQ+PC9ESVY+DQo8 RElWPjxGT05UIHNp
emU9Mj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtUaGVuIEkgZ290IG15IHNl cnZlci5jcnQgaXNz
dWVkIGJ5IG15IA0KQ0EgQ2VydGlmaWNhdGUuPC9GT05UPjwvRElWPg0KPERJ Vj48Rk9OVCBzaXpl
PTI+Jm5ic3A7Jm5ic3A7Jm5ic3A7IDwvRk9OVD48L0RJVj4NCjxESVY+PEZP TlQgc2l6ZT0yPiZu
YnNwOyZuYnNwOyZuYnNwO0lzIHRoZXJlIGFueSBwcm9ibGVtcyBkdXJpbmcg dGhlIHByb2Nlc3Mg
SSANCmdlbmVyYXRlIENBPzwvRk9OVD48L0RJVj4NCjxESVY+PEZPTlQgc2l6 ZT0yPjwvRk9OVD4m
bmJzcDs8L0RJVj4NCjxESVY+PEZPTlQgc2l6ZT0yPkFueSBoZWxwIGFyZSBh cHByZWNpYXRlZCE6
KTwvRk9OVD48L0RJVj4NCjxESVY+PEZPTlQgc2l6ZT0yPiZuYnNwOyZuYnNw OyZuYnNwOyAmbmJz
cDsmbmJzcDsmbmJzcDsgJm5ic3A7Jm5ic3A7Jm5ic3A7IA0KJm5ic3A7Jm5i c3A7Jm5ic3A7ICZu
YnNwOyZuYnNwOyZuYnNwOyAmbmJzcDsmbmJzcDsmbmJzcDsgJm5ic3A7Jm5i c3A7Jm5ic3A7IA0K
Jm5ic3A7Jm5ic3A7Jm5ic3A7ICZuYnNwOyZuYnNwOyZuYnNwOyAmbmJzcDsm bmJzcDsmbmJzcDsg
DQp6aGFveGQ8L0ZPTlQ+PC9ESVY+PC9GT05UPjwvRElWPjwvQk9EWT48L0hU TUw+DQo=

------=_NextPart_000_00A3_01C258D3.10D2A820--

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: how to generate an authoritive CA Certificate?

This is a multi-part message in MIME format.

------_=_NextPart_001_01C25894.78390CDC
Content-Type: text/plain;
charset="gb2312"
Content-Transfer-Encoding: quoted-printable

Hi there
=20
There is nothing wrong with your certificate, the browser is correctly
picking up that it isn't from a trusted source. If you were to import
the certificate on to your client machine and add it on to the list of
trusted certificates by your client machine, then that message will go
away.
=20
I personally, for testing purposes, just say ok when that message pops
up, and proceed and proceed as normal.
=20
Cheers
Jose
=20

-----Original Message-----
From: zhaoxd [mailto:zhaoxd@capitel.com.cn]
Sent: 10 September 2002 08:05
To: modssl-users@modssl.org
Subject: how to generate an authoritive CA Certificate?



hello,everybody:
=20
Glad to talk to you!
I happen to be a learner,so,if I have some problems let you feel bad,
patient to me,please!
=20
When I constructed my web station through apache,I met with some
problems!
=20
I made the CA Certificate by myself,and issued a server.crt for my
web server using this CA,but I found an unexpected warning happened
when I tried to connect my apache server through MSIE&netscape.There
is a warning message which says my certificate is not issued by
Trusted CA.
=20
I think the CA generated by myself must be have some problems.My
question is:can guys make CA by themselves?
=20
If so,the steps I generate my CA are:
=20
1.create a RSA private key for my CA:
$openssl genrsa -des3 -out ca.key 1024
2.create a self-signed CA Certificate (X509 structure) with the
RSA key of the CA.
$openssl req -new -x509 -day 365 -key ca.key -out ca.crt
3.sign the certificate of my server using sign.sh provided by
mod_ssl/pkg.contrib/
$sign.sh server.csr
Then I got my server.crt issued by my CA Certificate.
=20
Is there any problems during the process I generate CA?
=20
Any help are appreciated!:)
zhaoxd


------_=_NextPart_001_01C25894.78390CDC
Content-Type: text/html;
charset="gb2312"
Content-Transfer-Encoding: quoted-printable



charset=3Dgb2312">

face=3DTahoma=20
size=3D2>-----Original Message-----
From: zhaoxd=20
[mailto:zhaoxd@capitel.com.cn]
Sent: 10 September 2002=20
08:05
To: modssl-users@modssl.org
Subject: how to =
generate=20
an authoritive CA Certificate?

size=3D-1>

size=3D-1>hello,everybody:

 

 Glad to talk to you!
 I happen to be a =
learner,so,if I have=20
some problems let you feel bad,patient to me,please!

 

  When I constructed my web station =
through=20
apache,I met with some problems!

  

  I made the CA Certificate by =
myself,and issued a=20
server.crt for my web server using this CA,but I found an =
unexpected=20
warning happened when I tried to connect my apache server through=20
MSIE&netscape.There is a warning message which says my =
certificate is=20
not issued by Trusted CA.

 

  I think the CA generated by=20
myself must be have some problems.My question is:can guys =
make CA by=20
themselves?

 

  If so,the steps =
I generate=20
my CA are:

 

    1.create a RSA private key for =
my=20
CA:

        $openssl =
genrsa -des3=20
-out ca.key 1024

    2.create a self-signed CA =
Certificate=20
(X509 structure) with the RSA key of the CA.

        $openssl req =
-new=20
-x509 -day 365 -key ca.key -out ca.crt

    3.sign the certificate of my =
server using=20
sign.sh provided by mod_ssl/pkg.contrib/

        $sign.sh=20
server.csr

    Then I got my server.crt =
issued by=20
my CA Certificate.

   

   Is there any problems during the =
process I=20
generate CA?

 

Any help are appreciated!:)

        =
   =20
            =
   =20
           =20
zhaoxd