Certificate request error "Waiting for trusted request"
I tried using openssl to sign a certificate with my own CA. There are two options.
-
openssl x509
...openssl X509 -req -CA ca.crt -CAkey ca.pem -in bob.csr -out bob.crt -CAcreateserial`
Some posts say that x509 is used to generate self-signed certificates.
But the error occurs with openssl x509
:
unable to load certificate
6612:error:0906D06C:PEM routines:PEM_read_bio:no start
line:.\crypto\pem\pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
-
openssl ca
:openssl ca -in bob.csr -out bob.crt -keyfile ca.key
It should configure config openssl.config beforehand. For example, create a directory ./demoCA
.
Please let me know which path is correct. If openssl x509
correct, how to resolve the error expecting trusted certificate
? I really appreciate it!
source to share
Please let me know which path is correct. If openssl x509 is correct, how to resolve the expected certificate error? I really appreciate it!
You are using openssl x509
to work with certificates. Since you don't have a certificate, you shouldn't use openssl x509
.
You use openssl req
to sign requests. If you only use openssl req
, you create a signature request.
If you use openssl req -x509
, you create a self signed certificate. It refuses the signature request and goes directly to the certificate.
If you need help becoming your own CA then see How do you sign a certificate certification request with your CA?
If you need help signing requests and well-formed certificates, see How do I generate a self-signed certificate with openssl? ...
source to share