Use Private Certificate Authority to Sign Certificate Signing Request on Linux

I’ll assume that you created a private CA using my tutorial. I also make the following assumptions before proceeding with the tutorial.

  • OpenSSL has been installed
  • CA private key is in /home/cg/myca/private/
  • CA root certificate is in /home/cg/myca/certs/
  • CA’s config file, caconfig.cnf, is in /home/cg/myca/conf/
  • serial is in /home/cg/myca/
  • index.txt is in /home/cg/myca/

Copy CSR

You should copy/download the CSR to /home/cg/myca/csr/ directory.

Sign CSR

Then run the following command to sign it.

openssl x509 -days 3650 -CA certs/crt.ca.cg.pem -CAkey private/key.ca.cg.pem -req -in csr/csr.server1.pem -outform PEM -out certs/crt.server1.pem -CAserial serial

You’ll be asked to provide the passphrase for the CA root certificate key. The final file, crt.server1.pem, is to be sent to the person who initiated the CSR. This is the final certificate they’ll use.

Advertisements

2 Responses to Use Private Certificate Authority to Sign Certificate Signing Request on Linux

  1. Anonymous says:

    sweet, thanks a lot :)

  2. Anonymous says:

    Thanks dude. Simple and clear howto. This saved me quite some time.

%d bloggers like this: