Home/Computers & IT/How to fix “RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)” error

If you encounter this error:

[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) in you apache error.log this means you have created a cert that is intended to be used to sign other certs, but you’re using that cert as your SSL cert. So, it depends how you create the SSL cert.But how can we solve this problem?!

1. Generate private key and certificate signing request

openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 openssl rsa -passin pass:x -in server.pass.key -out server.key rm server.pass.key openssl req -new -key server.key -out server.csr

when the openssl req command asks for a “challenge password”, just press enter, leaving the password empty/ blank.
2. Generate SSL certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

I hope this helps you out with this issue as its pretty common for people not familiar with certs to make this mistake.

By | 2017-06-27T11:12:34+00:00 May 11th, 2016|Computers & IT|0 Comments

Leave A Comment