Openssl

grylux · 02-20-2012, 06:59 AM

Hi to all!

Using openssl, I have created 2 Certification Authorities(CAs), CA1 and CA2.Each CA has its own certificate signed by itself!
Also, i have created a user. The user has its own certificate which is signed by CA1.

I want your help/suggestions how to do this: There is need CA1 and CA2 to have mutual trust, CA1 to trust CA2 and CA2 to trust CA1. So, if the user will ask to verify its certificate from CA2 then the result must be valid, because CA2 trusts CA1.

Any suggestions???

Berhanie · 02-20-2012, 07:47 AM

you can redo things by making CA1 and CA2 be intermediates of the same root CA. then, anyone who trusts CA also trusts anything signed by CA1 or CA2.

grylux · 02-20-2012, 11:21 AM

Quote:

Originally Posted by Berhanie

you can redo things by making CA1 and CA2 be intermediates of the same root CA. then, anyone who trusts CA also trusts anything signed by CA1 or CA2.

I think that you are right! I will come back with results..
If you know any good tut about creating intermediate CAs it would be appreciated!
Otherwise the web is out there for me!

Thanks

grylux · 02-21-2012, 10:02 AM

I created a RootCA and 2 intermediate CAs: CA1 and CA2.
The certificates of CA1 and CA2 are signed from RootCA's certificate.

Also, created a user's certificate which is signed by the CA1's certificate.

When i try to verify CA1's and CA2's certificates with the RootCA's certificate the result is OK!

But when i try to verify user's cert. with the CA1's cert. the result is ERROR!!

Any help??Why does it happen, as i signed user's cert with CA1's cert.??????

grylux · 02-21-2012, 11:20 AM

self response :P
actually this problem is solved creating a chain.pem as follows:

cat userCert.pem ca1cert.pem rootCert.pem > chain.pem
openssl verify -CAfile chain.pem -verbose userCert.pem
>Signature OK