Not sure if I've got this working right...

Installed TinyCA2 from the OpenSuSE repository on OpenSuSE 11.
Found that the default application path of TinyCA2 is


There are subfolders for certificates, keys and requests. I also see cacert.key and cacert.pem which I assume are the CA private and public keys and an openssl.cnf which appears to be a customized openssl configuration file

Following other online guides, I believe the next step after installing a CA is to create public and private keys for the local Server which would then be used for signing certificates for other machines.

Determined the way to create a certificate request (undocumented) is to click on the Requests tab, rt-click in the empty pane and select New Request.

But, I suspect that there is still something wrong.

Attempting to create a Server certificate for the local CA machine, when I test its validity by the following command

openssl verify certificatefilename
I return an error

error 20 at 0 depth lookup: unable to get local issuer certificate.
When I attempt to look at the certificate's details using TinyCA, I don't see any information about the issuer's authorization chain (should there be?). Is this first Server certificate supposed to be the root authority or should it refer to the CA which holds its credentials?

Maybe using the regular openssl commands won't work because by default they don't reference TinyCA?