OpenSSL - error 18 at 0 depth lookup:self signed certificate
I think you missed this part of the instructions:
Whatever method you use to generate the certificate and key files, the Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate. Otherwise, the certificate and key files will not work for servers compiled using OpenSSL.
When OpenSSL prompts you for the Common Name for each certificate, use different names.
Sathish
Working as System Engineer, having good hands on experience in Linux administration, Amazon web services - Ec2, S3, RDS, Cloudfront, Route 53, Elastic Load Balancing, Auto Scaling, IAM, SES, SQS, SNS, VPC, Cloud Formation, CloudWatch, Glacier, Elastic Transcoder, Wowza Media Streaming, FFMPEG, AVConv, Kaltura, Red5 Media Streaming, ShoutCast streaming, IceCast streaming, Cpanel, Plesk, Virtualmin Hosting Linkedin - https://www.linkedin.com/in/sathishkumarkp
Updated on February 13, 2020Comments
-
Sathish about 4 years
I was trying to create a SSL certificate to use with MySQL as like mentioned here : http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-certs.html
While verifying the certificates I got the following error
# openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem server-cert.pem: C = IN, ST = KERALA, L = COCHIN, O = ABCD, OU = OPERATIONAL, CN = SATHISH, emailAddress = [email protected] error 18 at 0 depth lookup:self signed certificate OK client-cert.pem: C = IN, ST = KERALA, L = COCHIN, O = ABCD, OU = OPERATIONAL, CN = sathish, emailAddress = [email protected] error 18 at 0 depth lookup:self signed certificate OK
Could someone help me on generating keys without any errors based on the document in the above link.
-
Cerveser about 10 yearsI had the same issue: after you enter some values for the Distinguished Name you can enter the value for the Common Name.
-
Jihane almost 4 yearsThis is the best answer to this issue out there, thank you so much, been struggling with this for days.
-
SiHa about 3 yearsUnfortunately, all of the guides I've seen out there neglect to mention this (rather crucial) point. Thanks.
-
itlux almost 3 yearsI have the same issue when generated ca.pem and client.pem with the same CN, thanks u!