Does this mean?
[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
Basically it means you created your SSL Certificate as a CA the wrong way, usually with this command:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
How can you fix it and do it properly?
Step 1.) Make a new Private KeyCreate server pass key:
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 Create private key openssl rsa -passin pass:x -in server.pass.key -out server.key remove server.pass.key (not needed after you have your private key) rm server.pass.key Step 2.) Generate your CSR Use the newly created server.key (Private Key) to generate your CSR). openssl req -new -key server.key -out server.csr
Step 3.) Create .CRT using your CSR
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt