I tried to create a server certificate as follows. But at step 11 I got the error message:
CA certificate and CA private key do not match
12144:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:crypto\x509\x509_cmp.c:303:
error in ca
Thank you for your feedback if possible.
1. Create a Root Key
C:\root\ca>openssl
openssl> genrsa -aes256 -out private/ca.key.pem 4096
2. Create a Root Certificate (this is self-signed certificate)
OpenSSL> req -config openssl.cfg -key private/ca.key.pem -new -x509 -days 7300 -sha256 -extensions v3_ca -out certs/ca.cert.pem
3. Create an Intermediate Key
OpenSSL> genrsa -aes256 -out intermediate/private/intermediate.key.pem 4096
4. Create an Intermediate certificate signing request
openssl> req -config intermediate/openssl.cfg -new -sha256 -key intermediate/private/intermediate.key.pem -out intermediate/csr/intermediate.csr.pem
5. Create intermediate certificate (using Root Key/Certificate)
OpenSSL> req -config openssl.cfg -key private/ca.key.pem -new -x509 -days 7300 -sha256 -extensions v3_ca -out intermediate/certs/intermediate.cert.pem
6. Quit OpenSSL
openssl> quit
C:\root\ca>
7. Get CA-Chain Cert
C:\root\ca>type intermediate\certs\intermediate.cert.pem certs\ca.cert.pem > intermediate\certs\ca-chain.cert.pem
8. Start OpenSSL
C:\root\ca>openssl
9. Create a Server Key
openssl> genrsa -aes256 -out intermediate/private/www.example.com.key.pem 4096 (previously 2048)
10. Create a Server Signing Request
openssl> req -config intermediate/openssl.cfg -key intermediate/private/www.example.com.key.pem -new -sha256 -out intermediate/csr/www.example.com.csr.pem
11. Create a Server Certificate (Using Server signing Request and Intermediate Certificate/Key)
openssl> ca -config intermediate/openssl.cfg -extensions server_cert -days 375 -notext -md sha256 -in intermediate/csr/www.example.com.csr.pem -keyfile intermediate/private/intermediate.key.pem -out intermediate/certs/www.example.com.cert.pem
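
One way to check which private key a certificate was actually issued for, which is the comparison behind the X509_check_private_key error above (an added example, not part of the original post). It is written for a POSIX shell and uses throwaway constructed keys; the function names and the `/CN=Constructed Demo CA` subject are assumptions, and the file names follow the post.

```shell
#!/bin/sh
# Added example: does a certificate belong to a given private key?
# Compares the public key embedded in the certificate with the public key
# derived from the private key (openssl asks for the passphrase if the key
# file is encrypted).

cert_pub() { openssl x509 -in "$1" -noout -pubkey; }   # $1 = certificate (PEM)
key_pub()  { openssl pkey -in "$1" -pubout; }          # $1 = private key (PEM)

# $1 = certificate, $2 = private key; exit status 0 only when both files
# could be read and their public keys are identical.
cert_matches_key() {
    c=$(cert_pub "$1") && k=$(key_pub "$2") && [ -n "$c" ] && [ "$c" = "$k" ]
}

# Constructed demo material: throwaway 2048-bit keys without a passphrase,
# written to the directory given as $1.
make_demo_files() {
    openssl genrsa -out "$1/ca.key.pem" 2048 2>/dev/null &&
    openssl genrsa -out "$1/intermediate.key.pem" 2048 2>/dev/null &&
    # Same command form as step 5: "req -new -x509 -key <root key>" writes a
    # self-signed certificate that carries the root key's public key.
    openssl req -new -x509 -key "$1/ca.key.pem" -days 1 -sha256 \
        -subj "/CN=Constructed Demo CA" \
        -out "$1/intermediate.cert.pem" 2>/dev/null
}

report() {   # $1 = certificate, $2 = private key
    if cert_matches_key "$1" "$2"; then
        echo "match:    $1 <-> $2"
    else
        echo "MISMATCH: $1 <-> $2"
    fi
}

dir=$(mktemp -d) && make_demo_files "$dir" && {
    report "$dir/intermediate.cert.pem" "$dir/intermediate.key.pem"
    report "$dir/intermediate.cert.pem" "$dir/ca.key.pem"
}
[ -n "$dir" ] && rm -rf "$dir"
```

The same two `openssl x509 -noout -pubkey` and `openssl pkey -pubout` calls can be run by hand on Windows against the certificate and key that the `ca` configuration points to.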