Build your own CA to sign the certificate
This series of articles is divided into three parts: build your own certificate issuing service, generate a certificate request, and sign the generated certificate request through the self-built CA and finally apply it to the service,
This article describes how to use the CA Service in the previous article to sign the certificate.
This article assumes that you have read the first two articles and make sure the following paths are met:
The private key of CA is in the/home/cg/myca/private/directory/
CA root certificate in/home/cg/myca/certs/
The ca configuration file is in/home/cg/myca/conf/
Serial in/home/cg/myca/
Index.txt in/home/cg/myca/
Copy the csr file (see the csr generated in the second article) csr. server1.pem to the/home/cg/myca/csr/directory
Sign the csr:
Openssl x509-days 3650-CA certs/crt. ca. cg. pem-CAkey private/key. ca. cg. pem-req-in csr/csr. server1.pem-outform PEM-out certs/crt. server1.pem-CAserial serial
Final file certs/crt. server1.pem
That is, the generated signature certificate.
This file and private/key. ca. cg. pem constitute the Security Authentication System of the service.