Sign the certificate

The next step is to sign the certificate.

To sign the certificate, you use the following files created in the previous procedures:
  • textml_root_cert.pem: TEXTML Server root certificate
  • textml_root_privatekey.pem: Private key specific to the TEXTML Server root CA
  • textml_csr.pem: Certificate Signing Request
  1. In the openssl directory, run the following command:
    openssl ca -out CA/newcerts/textml_signed_cert.pem -config ./openssl.cnf -cert CA/newcerts/textml_root_cert.pem -keyfile CA/private/textml_root_privatekey.pem -infiles CA/newcerts/textml_csr.pem 
    The following message is displayed:
    Enter pass phrase for CA/private/textml_root_privatekey.pem:
  2. Enter the passphrase that you used to create the root certificate and press Enter.
    A message similar to the following is displayed:
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'CA'
    stateOrProvinceName   :PRINTABLE:'Quebec'
    localityName          :PRINTABLE:'Montreal'
    organizationName      :PRINTABLE:'ACME'
    organizationalUnitName:PRINTABLE:'ACME'
    commonName            :PRINTABLE:'dita-textml.acme.local'
    Certificate is to be certified until Apr  1 20:15:49 2016 GMT (365 days)
    Sign the certificate? [y/n]:
  3. Enter y to sign the certificate.
    The following message is displayed:
    1 out of 1 certificate requests certified, commit? [y/n]
  4. Enter y to commit the certificate to the database.