Error ssl_error_unknown_ca_alert Peer does not rec

Posted 2019-08-14 15:49

I have a problem. I get the error in the headline. I have a signed certificate from a recognized company. Now I want to create a second certificate.

I created the key with

openssl genrsa -des3 -out example.abc.key

then the CSR-File with

openssl req -new -key example.abc.key -out example.abc.csr

and removed the passphrase with

openssl rsa -in example.abc.key -out example.abc.key

Now I created the certificate, signed by the other certificate I got from the recognized company, with

openssl x509 -req -in example.abc.csr -CA signed.certificate.crt -CAkey signed.certificate.key -out example.abc.crt

After all that, I created the PKCS12 file

openssl pkcs12 -export -in example.abc.crt -inkey example.abc.key -name "Example Client" -out example.abc.p12

If I call the website, the web server asks the client to identify itself and I can select the imported certificate. The error in the headline appears and I don't know how to solve it. I'm frustrated because I googled but didn't find anything that helps.

1 answer
干净又极端
#2 · 2019-08-14 16:25

If I understand you correctly, you got a signed certificate and you want to use it to sign another certificate. Since I'm pretty sure that you just got a normal certificate, you might be able to sign another certificate, but this new certificate will not be accepted by anybody. Only CA certificates can be used to successfully sign other certificates.

If this restriction were not there, then anybody could get a certificate for their own site (example.com) and then use it to sign a certificate for some other site like paypal.com. It would indeed be very bad if this worked.
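
The restriction described in the answer is carried in the X.509 basicConstraints extension, and the following added example (not part of the original question or answer) reproduces the question's signing step with throwaway certificates to show where validation fails. All file names and subjects are constructed, and signed.crt stands in for signed.certificate.crt on the assumption that it was issued as an ordinary end-entity certificate (CA:FALSE).

```shell
#!/bin/sh
# Constructed demo: every key and certificate is a throwaway generated locally.

# new_csr PREFIX CN: unencrypted RSA key plus CSR at PREFIX.key / PREFIX.csr
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# is_ca CERT: succeeds only if CERT carries basicConstraints CA:TRUE
is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# build_chain DIR: root CA -> ordinary certificate -> client certificate
build_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n'  > "$d/ca.ext"
    printf 'basicConstraints=critical,CA:FALSE\n' > "$d/leaf.ext"
    # Stand-in for the recognized company's self-signed root
    new_csr "$d/root" "Demo Root CA"
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 1 \
        -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null
    # Stand-in for signed.certificate.crt, assumed to be an end-entity cert
    new_csr "$d/signed" "example.abc"
    openssl x509 -req -in "$d/signed.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -extfile "$d/leaf.ext" -out "$d/signed.crt" 2>/dev/null
    # The step from the question: sign the client CSR with that certificate
    new_csr "$d/client" "Example Client"
    openssl x509 -req -in "$d/client.csr" -CA "$d/signed.crt" -CAkey "$d/signed.key" \
        -CAcreateserial -days 1 -out "$d/client.crt" 2>/dev/null
}

# chain_verifies DIR: succeeds only if client.crt validates up to root.crt
chain_verifies() {
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/signed.crt" \
        "$1/client.crt" >/dev/null 2>&1
}

demo=$(mktemp -d)
build_chain "$demo"
is_ca "$demo/root.crt"   && echo "root.crt:   CA:TRUE, may sign certificates"
is_ca "$demo/signed.crt" || echo "signed.crt: not a CA certificate"
chain_verifies "$demo"   || echo "client.crt: rejected, its issuer is not a CA"
```

Running `openssl x509 -in signed.certificate.crt -noout -text` on the real certificate and reading the "X509v3 Basic Constraints" line shows whether it can act as an issuer at all.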
