Using CA to sign our CSR
Note that the CSR file
generated in previous tutorial has arrived to CA. Now the CA will sign the CSR
file.
Here is the content of CSR file
named as ClientCertificate_csr.pem
-----BEGIN NEW CERTIFICATE REQUEST-----
MIICXzCCAh0CAQAwWjELMAkGA1UEBhMCSU4xFDASBgNVBAgTC01haGFyYXNodHJhMQ0wCwYDVQQK
EwRTU1BMMRAwDgYDVQQLEwdTU1BMIE9VMRQwEgYDVQQDEwtleGFtcGxlLmNvbTCCAbgwggEsBgcq
hkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6
v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPF
HsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfh
oIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88J
MozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2Ze
gHtVJWQBTDv+z0kqA4GFAAKBgQC7lgoimVAL4UcigXU0moV+F21y5hFy1IxpbFXneOVBTNtTVEBK
/HHnXqqOZY/zt4pZAzxREznd6N8OQ/jMiQloCqdBbkBJB/wFBBQWu2LNje1w9xeBCXxTHZCDHPIS
MmSvXBle8Ea8Dx4XHc/YElj2Mh+nJJrjbD3z7LD75Rky3KAAMAsGByqGSM44BAMFAAMvADAsAhRB
e3g6WqpdjFl7n9W92kXDEUe4IgIUWDagaMduPq+qx2/jsfjfFdrgxXU=
-----END NEW CERTIFICATE REQUEST-----
Generate a signed certificate for the associated
Certificate Signing Request.
CA uses the following command to sign the CSR file
openssl ca -config
openssl.cnf -in certs/ClientCertificate_c
sr.pem -out client.cer -days 365
Above command will create a client.cer file
Note that CA has kept the ClientCertificate_csr.pem
inside certs folder in X509CA directory
Convert to PEM format
Use the following command to
convert the client.cer so generated to PEM only
format
openssl x509 -in client.cer -out CertName.pem
-outform PEM
Above command will generate a csr file named as ClientCertificate_csr.pem
Content of ClientCertificate_csr.pem
-----BEGIN NEW CERTIFICATE REQUEST-----
MIICXzCCAh0CAQAwWjELMAkGA1UEBhMCSU4xFDASBgNVBAgTC01haGFyYXNodHJhMQ0wCwYDVQQK
EwRTU1BMMRAwDgYDVQQLEwdTU1BMIE9VMRQwEgYDVQQDEwtleGFtcGxlLmNvbTCCAbgwggEsBgcq
hkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6
v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPF
HsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfh
oIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88J
MozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2Ze
gHtVJWQBTDv+z0kqA4GFAAKBgQC7lgoimVAL4UcigXU0moV+F21y5hFy1IxpbFXneOVBTNtTVEBK
/HHnXqqOZY/zt4pZAzxREznd6N8OQ/jMiQloCqdBbkBJB/wFBBQWu2LNje1w9xeBCXxTHZCDHPIS
MmSvXBle8Ea8Dx4XHc/YElj2Mh+nJJrjbD3z7LD75Rky3KAAMAsGByqGSM44BAMFAAMvADAsAhRB
e3g6WqpdjFl7n9W92kXDEUe4IgIUWDagaMduPq+qx2/jsfjfFdrgxXU=
-----END NEW CERTIFICATE REQUEST-----
Generate a signed certificate for the associated
Certificate Signing Request.
CA uses the following command to sign the CSR file
openssl ca -config
openssl.cnf -in certs/ClientCertificate_c
sr.pem -out client.cer -days 365
Now the CA has signed the CSR and will give the signed file to
the client
2 comments:
Error in first command, system library: No such process .\crypto\bio\bss_file.c
here in last step CA uses the following command to sign the CSR file
openssl ca -config openssl.cnf -in certs/ClientCertificate_c
sr.pem -out client.cer -days 365
getting errror: failed to udate database
TXT_DB error number 2
Post a Comment