I was trying to create an SSL certificate to use with MySQL as mentioned here: http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-certs.html
While verifying the certificates I got the following error:
# openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem
server-cert.pem: C = IN, ST = KERALA, L = COCHIN, O = ABCD, OU = OPERATIONAL, CN = SATHISH, emailAddress = sathish@abcd.com
error 18 at 0 depth lookup:self signed certificate
OK
client-cert.pem: C = IN, ST = KERALA, L = COCHIN, O = ABCD, OU = OPERATIONAL, CN = sathish, emailAddress = sathish@abcd.com
error 18 at 0 depth lookup:self signed certificate
OK
Could someone help me generate keys without any errors, based on the document in the above link?
I think you missed this part of the instructions:
Whatever method you use to generate the certificate and key files, the Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate. Otherwise, the certificate and key files will not work for servers compiled using OpenSSL.
When OpenSSL prompts you for the Common Name for each certificate, use different names.
When you use the openssl command that creates the certificates and keys, it will ask you to fill in some fields, and you will come across the Common Name option, like the following:
Common Name (e.g. server FQDN or YOUR name) []:
In this case you need to provide a different name each time and not let it use the default value.
For example:
CA Cert: app-ca-cert.
Server Cert: app-server-cert.
Client Cert: app-client-cert.
As the guide explained:
Important
Whatever method you use to generate the certificate and key files, the Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate. Otherwise, the certificate and key files do not work for servers compiled using OpenSSL.
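The Common Name rule from both answers, as an added shell example that is not part of the original posts: it builds one CA-signed certificate that reuses the CA's Common Name and one that has its own, then compares subject and issuer before asking openssl verify. The O=Example field, file names, helper function names and one-day validity are constructed; the Common Names are the ones suggested above.

```shell
#!/bin/sh
# Added example: names and paths are constructed, not taken from the posts above.

# make_chain CA_CN LEAF_CN DIR: create a CA and one certificate signed by it.
make_chain() {
    mkdir -p "$3" || return 1
    # Self-signed CA certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/O=Example/CN=$1" \
        -keyout "$3/ca-key.pem" -out "$3/ca-cert.pem" 2>/dev/null || return 1
    # Leaf key and signing request, same O so only the CN can differ.
    openssl req -newkey rsa:2048 -nodes -subj "/O=Example/CN=$2" \
        -keyout "$3/leaf-key.pem" -out "$3/leaf-req.pem" 2>/dev/null || return 1
    # The CA signs the request.
    openssl x509 -req -in "$3/leaf-req.pem" -days 1 -set_serial 01 \
        -CA "$3/ca-cert.pem" -CAkey "$3/ca-key.pem" \
        -out "$3/leaf-cert.pem" 2>/dev/null
}

# dn FIELD FILE: print the subject or issuer DN, case-folded because
# OpenSSL compares names case-insensitively.
dn() {
    openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 |
        sed "s/^$1= *//" | tr '[:upper:]' '[:lower:]'
}

# looks_self_signed FILE: succeed when the subject DN equals the issuer DN,
# the condition that makes a CA-signed certificate look self-signed.
looks_self_signed() {
    [ "$(dn subject "$1")" = "$(dn issuer "$1")" ]
}

# report DIR: name check first, then openssl's own verdict.
report() {
    if looks_self_signed "$1/leaf-cert.pem"; then
        echo "$1: subject equals issuer, give the certificate its own Common Name"
    else
        echo "$1: subject differs from issuer"
    fi
    openssl verify -CAfile "$1/ca-cert.pem" "$1/leaf-cert.pem" 2>&1 ||
        echo "$1: openssl verify rejected the certificate"
}

work=$(mktemp -d)
make_chain app-ca-cert app-ca-cert "$work/same" && report "$work/same"
make_chain app-ca-cert app-server-cert "$work/distinct" && report "$work/distinct"
rm -rf "$work"
```

How `openssl verify` reports the reused-name case has varied between OpenSSL releases, so the subject/issuer comparison is the check to run before deploying the files.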