LinuxQuestions.org
Old 04-04-2003, 05:39 PM   #1
champ
Member
 
Registered: Jul 2002
Distribution: Slackware 10.0
Posts: 46

Rep: Reputation: 16
ssl certificates


I'm currently writing a server/client system using SSL sockets. I use the OpenSSL API.

But I have a little trouble making the necessary certificates. My problem is when the client wants to verify the certificate. And I have found out that the thing that I'm missing is the CA file that represents trusted certificates.
On the server, this is the function to use.

Code:
/* Load the PEM file of trusted CA certificates; no CA directory is given. */
if (!SSL_CTX_load_verify_locations(ctx, "ca.file", NULL))
{
	fprintf(stderr, "error message.....");
	abort();
}
But I do not know how to create that file.

I made the certificate/private key using the "CA.pl -newcert" command, creating a certificate and private key. This is just a Perl script that does the same job as the openssl command tool.

What I want, is for that certificate to be a trusted one. The "ca.file" is supposed to contain the certificates that are trusted.

Anyone have any ideas how to produce that ca.file?
 
Old 04-04-2003, 06:11 PM   #2
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
In order for your certificate to be "trusted" it must be signed by a company such as VeriSign. Check out VeriSign's website for more info. I believe there is a free trial certificate that they will give you for a month or so. There are other companies that provide the same service but I can't think of their names.

You can self-sign your certificate, but people visiting your site will get a security pop-up. I self-signed my certificate, so if you go to my secured site here you will see the pop-up that a self-signed certificate generates.
 
Old 04-05-2003, 09:47 AM   #3
champ
Member
 
Registered: Jul 2002
Distribution: Slackware 10.0
Posts: 46

Original Poster
Rep: Reputation: 16
OK, thanks.

I would like to clarify that this is not a web site, but a server and client written in C.

I will take you up on that advice, but I thought I could do this without using a real CA because I read an article on linuxjournal.com on how to program an SSL server/client. And the source code that came with that article included the necessary certificates, including a root.pem file that was the file that the server would use to identify the trusted certificates.

On the client side you would use

Code:
if(SSL_get_verify_result(ssl)!=X509_V_OK)
      berr_exit("Certificate doesn't verify");

This would verify the certificate. But on my client, this will always fail.

But you're probably right. A real CA has to sign the certificate.

Last edited by champ; 04-05-2003 at 09:51 AM.
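
An added example, not part of the original posts: the file passed to SSL_CTX_load_verify_locations is a PEM file of CA certificates, and a root.pem like the one mentioned in post #3 can come from a private test CA built with the openssl command-line tool. The file names, subject names and helper function names below are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: private test CA whose certificate serves as the "ca.file" / root.pem.
# All file names and subject names are constructed for illustration.

# write_cfg FILE: minimal config so the commands do not depend on a system openssl.cnf
write_cfg() {
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
}

# make_ca DIR: self-signed root certificate DIR/root.pem with private key DIR/root.key.
# Only root.pem is handed to the verifying side; root.key stays with the CA.
make_ca() {
    write_cfg "$1/openssl.cnf" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$1/openssl.cnf" -extensions v3_ca \
        -subj "/CN=Example Private Test CA" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
}

# issue_cert DIR CN: new key and CSR for CN, then a certificate signed by DIR/root.key
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/openssl.cnf" \
        -subj "/CN=$2" -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 30 \
        -CA "$1/root.pem" -CAkey "$1/root.key" -CAcreateserial \
        -out "$1/server.pem" 2>/dev/null
}

# verify_cert CAFILE CERT: succeeds only if CERT chains to a certificate in CAFILE
verify_cert() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}
```

After sourcing the file, `make_ca . && issue_cert . server.example.test` leaves server.pem and server.key for the side that presents the certificate, and root.pem is the file the verifying side loads. A certificate that does not chain to a CA in that file makes verify_cert fail, just as SSL_get_verify_result then returns something other than X509_V_OK.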
 
  

