Intermediate CA certificate has no valid signature
I've followed the Jamie's tutorial to create CA root and Intermediate CA certificates over Win7 using -subj option for subject info and they passed the openssl verify command with OK.
openssl genrsa -aes256 -out intermediate/private/intermediate.key.pem 4096
openssl req -config intermediate/openssl.cnf -new -sha256 -key intermediate/private/intermediate.key.pem -out intermediate/csr/intermediate.csr.pem -subj "/CN=AC Pruebas Inter (4096)/O=ORG S.A. de C.V./OU=Org unit/[email protected]/streetAddress=myStreet, myNumber/postalCode=09999/C=MX/ST=my City/L=my Locality/2.5.4.45=ORG990701NN3/1.2.840.113549.1.9.2=Responsable: ORG"
openssl ca -config openssl.cnf -extensions v3_intermediate_ca -days 3650 -notext -md sha256 -in intermediate/csr/intermediate.csr.pem -out intermediate/certs/intermediate.cert.pem
Then I renamed Inter CA certificate extension to .CRT in order to open it with windows client app, but in Certification path Tab at the status certificate field, it shows an error message saying that the certificate has no valid signature. I've installed the CA root certificate in the trusted root certificate store but the error message remains.
Which could it be the problem?
Problem solved, I was installing root cert in the wrong way using the Install button of windows client. The correct way is described in this MS TechNet paper using MMC Windows Utility. Once the root cert was correctly installed the error message dissapeared.
- Can OpenSSL on Windows use the system certificate store?
- Custom encryption approach in PHP (like JWT) – is this secure enough
- openssl how to check server name indication (SNI)
- Is there a way to get the OpenSSL X509 certificate name that im sending to peer in C++?
- Prisma openssl version issue
- How to read the openssl alert messages?
- PHP openssl_pkcs12_read "error:0308010C:digital envelope routines::unsupported"
- After using PEM_read_bio_PUBKEY I am unable to unload win dll
- Correct location of openssl.cnf file
- Converting a Java Keystore into PEM Format
- dyld: Library not loaded: /usr/local/opt/openssl/lib/libssl.1.0.0.dylib
- Creating self signed certificate for domain and subdomains - NET::ERR_CERT_COMMON_NAME_INVALID
- Error installing Ruby with rvm: "__rvm_make -j8"
- split .pfx file into .crt and .key with openssl
- libssl.so.1.1: cannot open shared object file: No such file or directory
- Difference between pem, crt, key files
- "The password you entered is incorrect" when importing .pfx files to Windows certificate store
- does openssl_sign support Ed25519 keys?
- Spring Boot 3.4.1 SSLBundle with pem configuration inside application.yml
- I can't compile boost beast example "http_server_async_ssl.cpp"
- Error Building NGINX with HTTP/3 Support on Windows: NMAKE Fatal Error U1077 with OpenSSL 3.0.13
- Building Python and OpenSSL from source, but ssl module fails
- Find if a certificate is self signed or CA signed
- How do I get Visual Studio Code to trust our self-signed proxy certificate?
- OpenSSL CSR subject line variation with use of emailAddress
- How to fix SSL issue SSL_CTX_use_certificate : ca md too weak on Python Zeep
- Not able to import .pfx file to azure keyvault
- MongoDB and Compass won't TLS with Custom CA certs made with OpenSSL
- Creating .p12 truststore with openssl
- Verifying a signature with OpenSSL