The next step is to sign the certificate.
About this task
To sign the certificate, you use the following files created in the previous procedures:
- textml_root_cert.pem: TEXTML Server root
certificate
- textml_root_privatekey.pem: Private key specific to the
TEXTML Server root CA
- textml_csr.pem: Certificate Signing Request
Procedure
-
In the
openssl
directory, run the following command:
openssl ca -out CA/newcerts/textml_signed_cert.pem -config ./openssl.cnf -cert CA/newcerts/textml_root_cert.pem -keyfile CA/private/textml_root_privatekey.pem -infiles CA/newcerts/textml_csr.pem
The following message is
displayed:
Enter pass phrase for CA/private/textml_root_privatekey.pem:
-
Enter the passphrase that you used to create the root certificate and press
Enter.
A message similar to the following is
displayed:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CA'
stateOrProvinceName :PRINTABLE:'Quebec'
localityName :PRINTABLE:'Montreal'
organizationName :PRINTABLE:'ACME'
organizationalUnitName:PRINTABLE:'ACME'
commonName :PRINTABLE:'dita-textml.acme.local'
Certificate is to be certified until Apr 1 20:15:49 2016 GMT (365 days)
Sign the certificate? [y/n]:
-
Enter y to sign the certificate.
The following message is
displayed:
1 out of 1 certificate requests certified, commit? [y/n]
-
Enter y to commit the certificate to the database.