Cryptography Reference
In-Depth Information
database=index.txt
serial=serial
policy=policy_any
[ policy_any ]
commonName=supplied
NOTE
These fi les are required to complete a CSR signature; if you want to
know more about what they're for and what other options are available,
consult the OpenSSL documentation.
4. You also need an empty
index.txt
fi le
touch index.txt
or, on a windows system
fsutil file createnew index.txt 0
and a fi le name
serial
with the next serial number in it. Because this
is a new “certifi cate authority,” the fi rst serial number it issues is serial
number 1:
echo 01 > serial
5. With this very minimal infrastructure, you can now sign your CSR
using the root CA fi le:
[jdavies@localhost trusted_certs]$ openssl ca -config ca.cnf -cert root_
cert.pem \
-keyfile root_key.pem -in client_csr.pem -out client_cert.pem -outdir .
-md sha1 \
-days 365
Using configuration from ca.cnf
Enter pass phrase for root_key.pem:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'TX'
localityName :PRINTABLE:'Southlake'
organizationName :PRINTABLE:'Architecture'
organizationalUnitName:PRINTABLE:'Travelocity'
commonName :PRINTABLE:'Joshua Davies Client'
emailAddress :IA5STRING:'joshua.davies@travelocity.com'
Certificate is to be certified until Aug 11 22:31:21 2011 GMT (365 days)
Sign the certificate? [y/n]:y
(Continued)
Search WWH ::
Custom Search