Creating OpenSSL Server Certificates for Testing Failed

I’m following exactly instructions from these two pages

But when running

openssl verify -CAfile test-ca.pem test-server1.pem

I got this error

error 7 at 0 depth lookup: certificate signature failure
error test-server1.pem: verification failed
139886075573568:error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding:…/crypto/rsa/rsa_pk1.c:66:
139886075573568:error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed:…/crypto/rsa/rsa_ossl.c:588:
139886075573568:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:…/crypto/asn1/a_verify.c:170:

Anyone please knows why? Thank you

Took me almost a day to find out. Call me crazy or whatever, but apparently the common name between intermediate and root certificate must be different. I set them to be equal when using self certificates.

Use the intermediate key to create a certificate signing request (CSR). The details should generally match the root CA. The Common Name , however, must be different.

Hope that helps someone.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.