make certificate command

make certificate command

am 11.09.2002 09:15:34 von CorreiJ

Hi all

I'm trying to generate my fake client certificate for test purposes.

For this I'm using the "make certificate" command under apache (which
is tied to openssl via modssl).

I have a question in the process, when I reach STEP 3 it tells me:

"STEP 3: Generating X.509 certificate signed by Snake Oil CA
[server.crt]
Certificate Version (1 or 3) [3]:
Signature ok
subject=/O=telkom/OU=users/CN=Jose
Getting CA Private Key
Verify: matching certificate & key modulus
read RSA key
Verify: matching certificate signature
.../conf/ssl.crt/server.crt: /C=XY/ST=Snake Desert/L=Snake Town/O=Snake
Oil, Ltd/OU=Certificate Authority/CN=Snake Oil
CA/Email=ca@snakeoil.dom
error 10 at 1 depth lookup:Certificate has expired
OK"

Does this mean my server.crt wasn't signed by the CA SnakeOil because
it has expired??

Thanks in advance
Jose Correia

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: make certificate command

am 11.09.2002 10:04:31 von Olaf Gellert

Hi,

> "STEP 3: Generating X.509 certificate signed by Snake Oil CA
> [server.crt]
> Certificate Version (1 or 3) [3]:
> Signature ok
> subject=/O=telkom/OU=users/CN=Jose
> Getting CA Private Key
> Verify: matching certificate & key modulus
> read RSA key
> Verify: matching certificate signature
> ../conf/ssl.crt/server.crt: /C=XY/ST=Snake Desert/L=Snake Town/O=Snake
> Oil, Ltd/OU=Certificate Authority/CN=Snake Oil
> CA/Email=ca@snakeoil.dom
> error 10 at 1 depth lookup:Certificate has expired
> OK"
>
> Does this mean my server.crt wasn't signed by the CA SnakeOil because
> it has expired??

I guess it means that the Snake Oil CA certificate has expired.
I just had a look into the certificate (provided with openssl-0.9.6g),
its validity is from 9th Oct 1995 until 5th Jul 1998.
So it should not be possible to create some new certificates
with it...

Can someone verify this?

Olaf

--
Olaf Gellert mailto:gellert@pca.dfn.de
------------------------------------------------------------ ----
DFN-PCA: Eine Arbeitsgruppe der DFN-CERT GmbH
Oberstr. 14b http://www.pca.dfn.de/
D-20144 Hamburg, Germany +49.40.808077-555 / Fax: -556
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org