A client today complained that they couldn't get SSL connections working with certificates signed with by non-root CA certs. I've never tried this before, although I have more than once successfully used my own generated root CA certificates. And when I tried I couldn't get it working either. Either something is broken in what I did, or the mechanism is somehow broken. The intermediate CA cert does show the root cert as its Authority, so I think I have done it right:
The second key ID shown here is indeed that of the root CA key.
If anyone has a good working example, I'd greatly appreciate it.
X509v3 extensions:
X509v3 Subject Key Identifier:
03:E8:CD:AA:4E:C6:04:A9:B4:6C:CB:A2:50:1E:A3:FB:1C:E4:88:AF
X509v3 Authority Key Identifier:
keyid:67:55:5B:92:3F:2E:AD:79:7E:50:0C:A5:D3:77:E0:2F:24:F3:76:57
X509v3 Basic Constraints:
CA:TRUE
The second key ID shown here is indeed that of the root CA key.
If anyone has a good working example, I'd greatly appreciate it.