On Tue, Aug 19, 2003, Rohan Pinto wrote: > This is the part that i would need help on. I have created a root > certificate, I've imported that into all my web browsers and also on the > webserver. I have also crested a cSR from the webserver. I dont know how to > sign the CSR .... If I could get some advise on jow to sign a CSR i would at > leats get an understanding of the flow. From what i have understood so > far... I used the rootCA private key while signing the CSR. The webservers > public key is sittign somewhere on the webserver. i would need to use that > key to sign the CSR. The question is. how do i get that key?. Also.... I am > confused as i believed that the webservers key would be embedded in the CSR. >
This normally involves using the 'ca' utility, before you do that a certain directory structure needs to be set up. This is documented in the ca manual page. However its easier to use the CA.pl script this can create the root CA and directory structure and sign the request among other things. Something like: CA.pl -newca <move server request to newreq.pem> CA.pl -sign new cert is then in newcert.pem Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
