But once the certificates and keys are generated, I usually deploy them something don’t work. The openvnp log contains something like :
VERIFY ERROR: depth=X, error=self signed certificate: ...
openssl offer a command for checking certificate chains before deployment:
openssl verify -CAfile ca.crt server.crt
If the response is not “client.crt: OK”, there is no need trying to deploy your certificates.