Previous Topic Next topic Print topic


Issuing a Server Certificate

In this section, you issue the server certificate.

  1. Run the batch file sign_srv.cmd, which is in /opt/microfocus/DemoCA/openssl or $COBSSL (if set) by default. When the batch file asks if you are ready, press any key.

    The batch file calls the ca command of the openssl utility to create a signed certificate, srvcert.pem, containing the public key from the certificate request.

  2. When you are prompted for the pass phrase, enter the CA pass phrase srvrootpwd. This confirms your right to access the CA private key file cakey.pem, and then displays the certificate request (from the CSR file srvcertreq.csr).
  3. When asked whether to sign the certificate, reply y twice.

    The certificate is then created and signed with your private key from cakey.pem. It is in PEM format. It is saved in srvcert.pem, with a copy in newcerts\01.pem. If this tutorial has been run before, and 01.pem already exists, the copy will be called 02.pem and so on.

  4. As before, view the certificate using the openssl command:
    openssl x509 -in newcerts\01.pem -text

    Notice that the Issuer is shown as the Distinguished Name of your Demo CA, while the Subject - the entity to whom the certificate has been issued - is the Distinguished Name of your server.

  5. Copy 01.pem from the newcerts directory to the certs directory, which is your Demo CA's database of certificates it has issued.
  6. In a real case the CA would now send srvcert.pem to the server owner to install it in their SSL software so that Web users can download it.
Previous Topic Next topic Print topic