Got an answer to my question:
1) Created a root CA certificate with these commands:
    openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem
    openssl x509 -req -in rootreq.pem -sha1 -signkey rootkey.pem -out rootcert.pem
2) Installed the CA certificate as a trusted certificate with the following commands:
    sudo mkdir /usr/share/ca-certificates/extra
    sudo cp rootcert.pem /usr/share/ca-certificates/extra/rootcert.crt
    sudo dpkg-reconfigure ca-certificates
    sudo update-ca-certificates
3) Created an intermediate certificate signed by the root certification authority with the following commands:
    openssl req -newkey rsa:1024 -sha1 -keyout skey.pem -out sreq.pem
    sudo openssl x509 -req -in sreq.pem -sha1 -CA /etc/ssl/certs/rootcert.pem -CAkey rootkey.pem -CAcreateserial -out scert.pem
4) Created the client certificate, signed by the intermediate CA, with the following commands:
    openssl req -newkey rsa:1024 -sha1 -keyout ckey.pem -out creq.pem
    openssl x509 -req -in creq.pem -sha1 -CA scert.pem -CAkey skey.pem -CAcreateserial -out ccert.pem
Now the chain of trust is working fine:
1) Root CA check
    openssl verify rootcert.pem
    rootcert.pem: OK
2) Intermediate CA verification
    openssl verify scert.pem
    scert.pem: OK
3) Verification of the client certificate
    openssl verify -CAfile scert.pem ccert.pem
    ccert.pem: OK
harihardik
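The same three-level chain as in the answer above, as an added example that is not part of the original post: it assumes 2048-bit RSA keys and SHA-256 in place of the answer's 1024-bit keys and SHA-1, marks the two CA certificates CA:TRUE through an extensions file, and verifies the client certificate with the root as the only trust anchor and the intermediate passed via -untrusted. The subject names, the ext.cnf file, the temporary directory and the function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: root -> intermediate -> client chain with explicit CA extensions.
# Subject names and file layout are constructed; keys are left unencrypted (demo only).

build_chain() (
    cd "$1" || exit 1
    # CA certificates assert CA:TRUE; the client certificate must not.
    cat > ext.cnf <<'EOF'
[ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[leaf]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
EOF
    # new_req NAME SUBJECT: writes NAMEkey.pem and NAMEreq.pem
    new_req() {
        openssl req -newkey rsa:2048 -sha256 -nodes -subj "$2" \
            -keyout "$1key.pem" -out "$1req.pem" 2>/dev/null
    }
    new_req root "/CN=Demo Root CA" &&
    openssl x509 -req -in rootreq.pem -sha256 -days 30 -signkey rootkey.pem \
        -extfile ext.cnf -extensions ca -out rootcert.pem 2>/dev/null &&
    new_req s "/CN=Demo Intermediate CA" &&
    openssl x509 -req -in sreq.pem -sha256 -days 30 -CA rootcert.pem \
        -CAkey rootkey.pem -CAcreateserial \
        -extfile ext.cnf -extensions ca -out scert.pem 2>/dev/null &&
    new_req c "/CN=demo-client" &&
    openssl x509 -req -in creq.pem -sha256 -days 30 -CA scert.pem \
        -CAkey skey.pem -CAcreateserial \
        -extfile ext.cnf -extensions leaf -out ccert.pem 2>/dev/null
)

# Root is the only trust anchor; the intermediate is supplied as untrusted.
verify_full() (
    cd "$1" && openssl verify -CAfile rootcert.pem -untrusted scert.pem ccert.pem
)

# Without the intermediate no path to the root can be built, so this must fail.
verify_without_intermediate() (
    cd "$1" && openssl verify -CAfile rootcert.pem ccert.pem 2>&1
)

workdir=$(mktemp -d)
build_chain "$workdir" && verify_full "$workdir"
```

Only rootcert.pem needs to be installed as trusted; servers or clients present scert.pem alongside their own certificate so the verifier can build the path.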