Use Private Certificate Authority to Sign Certificate Signing Request on Linux
April 16, 2013 2 Comments
I’ll assume that you created a private CA using my tutorial. I also make the following assumptions before proceeding with the tutorial.
- OpenSSL has been installed
- CA private key is in /home/cg/myca/private/
- CA root certificate is in /home/cg/myca/certs/
- CA’s config file, caconfig.cnf, is in /home/cg/myca/conf/
- serial is in /home/cg/myca/
- index.txt is in /home/cg/myca/
You should copy/download the CSR to /home/cg/myca/csr/ directory.
Then run the following command to sign it.
openssl x509 -days 3650 -CA certs/crt.ca.cg.pem -CAkey private/key.ca.cg.pem -req -in csr/csr.server1.pem -outform PEM -out certs/crt.server1.pem -CAserial serial
You’ll be asked to provide the passphrase for the CA root certificate key. The final file, crt.server1.pem, is to be sent to the person who initiated the CSR. This is the final certificate they’ll use.