I have a self-signed certificate (and CA) created on a Mac using OpenSSL 0.9.8zc. I use the certificate to secure connection to my svn server. With the latest OS X update, OpenSSL was updated to 0.9.8zd. Now I cannot connect to my server, I get "certificate verify failed" from svn.
Using openssl verify:
openssl verify -CAfile ~/Desktop/Certificates.pem -check_ss_sig ~/Downloads/svn.pem
I get
~/Downloads/svn.pem: /CN=My Open Directory Certification Authority/O=Me/OU=MACOSX OpenDirectory Root CA/emailAddress=webmaster@me
error 7 at 2 depth lookup:certificate signature failure
It looks like the signature of my CA is now considered "broken". My questions:
How can I investigate further to figure out what is "broken" exactly about my certificate, so I do not repeat this mistake?
Is there a way to fix this short of reissuing every certificate starting with CA?