![]() rootca/nf -in subca.csr -out subca.crt -extensions sub_ca_ext When prompted, sign the certificate, and commit it to the database. The extensions indicate that the certificate is for a CA that can sign certificates and certificate revocation lists (CRLs). Specify sub_ca_ext for the extensions switch on the command line. Submit the CSR to the root CA and use the root CA to issue and sign the subordinate CA certificate. openssl req -new -config nf -out subca.csr -keyout private/subca.key Having a subordinate CA does, however, mimic real world certificate hierarchies in which the root CA is kept offline and a subordinate CA issues client certificates.įrom the subca directory, use the configuration file to generate a private key and a certificate signing request (CSR). ![]() Because you can use the root CA to sign certificates, creating a subordinate CA isn’t strictly necessary. This example shows you how to create a subordinate or registration CA. Step 5 - Create a subordinate CA configuration fileĬreate a configuration file and save it as nf in the subca directory. Step 4 - Create the subordinate CA directory structureĬreate a directory structure for the subordinate CA at the same level as the rootca directory. openssl ca -selfsign -config nf -in rootca.csr -out rootca.crt -extensions ca_ext Sign the certificate, and commit it to the database. These extensions indicate that the certificate is for a root CA and can be used to sign certificates and certificate revocation lists (CRLs). Specify the ca_ext configuration file extensions on the command line. Self-signing is suitable for testing purposes. ![]() Next, create a self-signed CA certificate. openssl req -new -config nf -out rootca.csr -keyout private/rootca.key Name_opt = utf8,esc_ctrl,multiline,lname,alignīasicConstraints = critical,CA:true,pathlen:0įirst, generate a private key and the certificate signing request (CSR) in the rootca directory. Īia_url = crl_url = default_ca = ca_default Step 2 - Create a root CA configuration fileīefore creating a CA, create a configuration file and save it as nf in the rootca directory.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |