Not sure if I've got this working right...

Installed TinyCA2 from the OpenSuSE repository on OpenSuSE 11.
Found that the default application path of TinyCA2 is

/root/.TinyCA/-CAname-/

There are subfolders for certificates, keys and requests. I also see
cacert.key and cacert.pem which I assume are the CA private and public
keys and an openssl.cnf which appears to be a customized openssl
configuration file

Following other online guides, I believe the next step after installing
a CA is to create public and private keys for the local Server which
would then be used for signing certificates for other machines.

Determined the way to create a certificate request (undocumented) is to
click on the Requests tab, rt-click in the empty pane and select New
Request.

But, I suspect that there is still something wrong.

Attempting to create a Server certificate for the local CA machine,
when I test its validity by the following command


Code:
--------------------
openssl verify -certificatefilename-
--------------------


I return an error


Code:
--------------------
error 20 at 0 depth lookup: unable to get local issuer certificate.
--------------------


When I attempt to look at the certificate's details using TinyCA, I
don't see any information about the issuer's authorization chain
(*should there be?). *Is this first Server certificate supposed to be
the root authority or should it refer to the CA which holds its
credentials?

Maybe using the regular openssl commands won't work because by default
they don't reference TinyCA?

TIA.


--
tsu2
------------------------------------------------------------------------
tsu2's Profile: http://forums.opensuse.org/member.php?userid=2578
View this thread: http://forums.opensuse.org/showthread.php?t=401723