Sign the CA

To complete the process of being your own root CA, you must sign the certificate of authenticity.

To sign the CA, you must use some of the files you just created.
  • textml_root_cert.pem is the TEXTML Server root certificate
  • textml_root_privatekey.pem is the private key specific to the TEXTML Server root CA
  • textml_csr.pemis the Certificate Signing Request (CSR)

To sign the CA:

  1. In the openssl directory, run the openssl ca command. 
    openssl ca -out CA/newcerts/textml_signed_cert.pem -config ./openssl.cnf -cert CA/newcerts/textml_root_cert.pem -keyfile CA/private/textml_root_privatekey.pem -infiles CA/newcerts/textml_csr.pem
  2. In the resulting message, enter the pass phrase that you used to create the root certificate and press Enter.
    A message displays that requests you sign the certificate.
    Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CA'
stateOrProvinceName   :PRINTABLE:'Quebec'
localityName          :PRINTABLE:'Montreal'
organizationName      :PRINTABLE:'ACME'
organizationalUnitName:PRINTABLE:'ACME'
commonName            :PRINTABLE:'dita-textml.acme.local'
Certificate is to be certified until Apr  1 20:15:49 2016 GMT (365 days)
Sign the certificate? [y/n]:
  3. Enter y to sign the certificate.
    The following message displays:
    1 out of 1 certificate requests certified, commit? [y/n]
  4. In the resulting message, enter y to commit the certificate to the database.
This was the final sub-step in being your own root CA. Proceed to Step 2: Install a signed CA on IXIA TEXTML Server.