User`s guide
Sign a Certificate Request
1. To sign a certificate request, enter the following:
# cd /work/openssl-0.9.7c/CA
# cp req.pem newreq.pem
# sh /usr/local/ssl/misc/CA.sh -sign
2. Use the configuration from sample file /usr/share/ssl/openssl.cnf.
3. Enter PEM pass phrase. Enter the CA Password created in "Create/Use a
Server Certificate" on page 257, in the step that begins
Enter the PEM pass phrase.
CA Password
4. Check that the request matches the signature:
Signature ok
The Subjects Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'Minnesota'
localityName :PRINTABLE:'Minneapolis'
organizationName :PRINTABLE:'Digi International'
commonName :PRINTABLE:'Digi Passport'
Certificate is to be certified until Oct 6 09:39:59 2013 GMT (3653
days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Minnesota, L=Minneapolis, O=Digi International,
CN=Digi International
Validity
Not Before: Oct 6 09:39:59 2003 GMT
Not After : Oct 6 09:39:59 2013 GMT
Subject: C=US, ST=Minnesota, L=Minneapolis, O=Digi International,
CN=Digi Passport
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
Signed certificate is in newcert.pem