On Thu, Oct 28, 2004, Ronan wrote: > > > Dr. Stephen Henson wrote: > >On Wed, Oct 27, 2004, Ronan wrote: > > > > > >>> > >>>I'd suggest you use the CA.pl script instead. That should make things > >>>much > >>>easier. > >>> > >> > >>i have a csr (in pem format(by default)) and a key > >> > >>I want to sign the csr with my domains root CA > >> > > > > > >Where is this root CA and key? If it has been created by OpenSSL you can > >concatenate the key and certificate into a PEM file and supply that new > >when > >you call CA.pl -newca. > > > ok the root CA and key are stored on one machine / soalris. > > the csr and key for the server i want to install the certificate on is > also on this local machine. > > so if i cat the root CA and the root key into a pem file and then run > CA.pl -newca > > what does this give me??? >
It sets up the CA structure to allow the 'ca' command to work and the CA.pl wrapper script. If you now have the certificate request in a file called "newreq.pem" you should be able to do: CA.pl -sign which should prompt you appropriately and sign the request creating a new certificate. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
