CORBA 2.6 Administration Guide
The script creates the following directories and files:
Pathname/Filename Purpose
name.csr
The Certificate Signing Request (CSR).
toyCA/private/name.key
The newly generated private key for name.
signreq Script
The signreq script takes a CSR file as input and creates a new certificate. To run the script, type:
signreq name.csr
where name.csr is the CSR you created previously.
Example 6.3. Sample signreq Run
Create a certificate from a CSR.
Using configuration from toyCA.cnf
Enter PEM pass phrase:
Check that the request matches the signature
Signature OK
The Subjects Distinguished Name is as follows:
countryName :PRINTABLE:US
stateOrProvinceName :PRINTABLE:California
localityName :PRINTABLE:Cupertino
organizationName :PRINTABLE:Hewlett-Packard
organizationalUnitName :PRINTABLE:NonStop
commonName :PRINTABLE:Toy CA
emailAddress :IA5STRING:john.doe@hp.com
Certificate is to be certified until Jan 16 01:37:44 2004 GMT (365 days)
Sign this certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]:y
Write out database with 1 new entries
Data base updated
The script creates the following directories and files:
Pathname/Filename Purpose
name.cert.pem
The new certificate
toyCA/certindex.txt
A new entry added for the newly created certificate
toyCA/certs/01.pem
A copy of the new certificate stored under its serial number
toyCA/serial
The updated new next serial number.
pkcs12 Script
The pkcs12 script takes a certificate file as input and bundles it with the certificates associated private key and the CAs certificate.
The output bundle is in the PKCS#12 format which is a DER coded file. To run the script, type:
pkcs12 name.cert.pem
where name.cert.pem is the new certificate you created previously.
Example 6.4. Sample pkcs12 Run
Create a PKCS#12 file.
Enter PEM pass phrase:
Enter Export Password:
Verifying password - Enter Export Password:
Now creating a PEM version of the pkcs12 file.
Enter import Password:
MAC verified OK