How to sign UnrealIRCD 3.2.2 SSL certificate

[LBB]

Hello,

I'm new on this forum.

Please, How to sign a UnrealIRCD certificate using cacert.org ?

I haven't found not any howto's, step-by-step tutorials to how to proceed...


Verify E: self signed certificate.? (18) -- Ignored


Thanks in advance.

p.s. :
- I'm on a Linux Box Debian Woody RC3 with OpenSSL
- No compilation errors
- I have 3 pem files on Unreal3.2/
server.cert.pem
server.key.pem
server.req.pem

[Dukat]

Easiest way:
Put the key you generated in the server.key.pem file and the cert they sent you in the server.cert.pem file.
You don't need the server.req.pem file.

[LBB]

Thanks for your reply.

But ...

What I have do :
openssl req -nodes -new -keyout server.key.pem -out server.csr

I put the content of server.csr on Cacert.org and return the Certificate signed by us on server.cert.pem

I have this error now :
Verify E: unable to get local issuer certificate.? (20) -- Ignored

What's the problem ?

[codemastr]

That's a client error. My guess is your client does not have cacert.org's root certificate in its trusted CA list. You can get their root certificate at http://www.cacert.org/index.php?id=3

[LBB]

Hum, thanks...

This mean each client need a root cacert ?!

[Syzop]

I presume this is basically the same issue as [SSL] self signed certificate in certificate chain.? (19).. you could either just let the client accept such untrusted certificates, or indeed import the root certificate of cacert on every client...

I don't know which SSL-client your users are using, but most don't have the CACERT root certificate installed by default.. in fact, some don't have any root certificates installed by default (like mIRC). Anyway, even if they did, then it would probably be the cert of companies that ask several hundreds of dollars, so.. :p

So I guess you could do things like this for your network: putting a tutorial online, perhaps even something that installs mIRC (or another client) along with the appropriate certs etc.