In this section, you issue the server certificate.
- Run the batch file
sign_srv.cmd, which is in
$COBSSL (if set) by default. When the batch file asks if you are ready, press any key.
The batch file calls the
ca command of the
openssl utility to create a signed certificate,
srvcert.pem, containing the public key from the certificate request.
- When you are prompted for the pass phrase, enter the CA pass phrase
srvrootpwd. This confirms your right to access the CA private key file
cakey.pem, and then displays the certificate request (from the CSR file
- When asked whether to sign the certificate, reply
The certificate is then created and signed with your private key from
cakey.pem. It is in PEM format. It is saved in
srvcert.pem, with a copy in
newcerts\01.pem. If this tutorial has been run before, and
01.pem already exists, the copy will be called
02.pem and so on.
- As before, view the certificate using the
openssl x509 -in newcerts\01.pem -text
Notice that the Issuer is shown as the Distinguished Name of your Demo CA, while the Subject - the entity to whom the certificate
has been issued - is the Distinguished Name of your server.
01.pem from the
newcerts directory to the
certs directory, which is your Demo CA's database of certificates it has issued.
- In a real case the CA would now send
srvcert.pem to the server owner to install it in their SSL software so that Web users can download it.