5.4 Sign the server certificate with your own CA
Assume server request is also in the same server's
openssl ca -policy policy_anything -passin pass:democa -in
~/myCert/server_req.pem -days 8000 -out ~/myCert/server_cert.pem
Then a series of questions will be asked (details will vary in your case):
Using configuration from /usr/share/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Not Before: Aug 24 04:58:01 2005 GMT
Not After : Jul 20 04:58:01 2027 GMT
countryName = US
stateOrProvinceName = US
localityName = US
organizationName = My Company Ltd
commonName =
X509v3 extensions:
X509v3 Basic Constraints:
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
X509v3 Authority Key Identifier:
DirName:/C=US/ST=US/L=US/O=My Company Ltd/CN=demoCA
Certificate is to be certified until Jul 20 04:58:01 2027 GMT (8000 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries