Mark,

I am not sure why you would want to sign the private key, but I am sure there might be a reason somewhere.

All you should need to sign is the certificate request (cert.req). After signing the certificate request, it is likely that you will want to put your related certificates and keys into some storage format such as a PKCS12 keystore. You don't have to include the CA public certificate, but if you are creating a keystore it is good to include all of the public certificates in the store up to some trust point (trusted CA or self-signed root cert).

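# Write the bundle to a separate file: new_cert.pem is also an input, so it cannot be the output
cat CA_public_cert.pem new_cert.pem new_cert_private_key.pem > new_cert_bundle.pem

# Export the bundled certificates and private key as a PKCS12 keystore
openssl pkcs12 -export -in new_cert_bundle.pem -out new_cert.p12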

This p12 file should contain all of the information needed to create an SSL connection.

Perry

Mark wrote:

Hi Dinesh & All,

Now the different files you need to create for setting up the CA,


OK, I think I understand the purpose of the files cacert.pem (public key),
private/cakey.pem (private key), index.txt and serial.

What I don't understand is what files require signing and what to do
with the private keys that are created as a result of a request.

I have seen many examples which differ.  For example some examples
take the root CA public and private keys and concatenate them
before signing them both.  What is the reason for this?

In addition I am not sure what is involved in creating a certificate for
the client.

I have more questions but I'll leave these for now.

TIA, Mark.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
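
The flow described in the reply above (sign only the certificate request, then bundle the chain and key into a PKCS12 keystore), as an added example that is not part of the original thread. The file names ca_key.pem and new_cert_bundle.pem, both subject names and the throwaway demo CA are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Constructed values: ca_key.pem, new_cert_bundle.pem, both subject names.
umask 077   # every file written below may hold key material

# Build CA -> request -> signed certificate -> PKCS#12 keystore in directory $1.
build_p12() {
    dir=$1; pass=$2
    # Demo root CA: private key plus self-signed certificate (the trust point).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
        -keyout "$dir/ca_key.pem" -out "$dir/CA_public_cert.pem" 2>/dev/null || return 1
    # Subscriber key and certificate request. Only cert.req is handed to the CA.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=host.example.test" \
        -keyout "$dir/new_cert_private_key.pem" -out "$dir/cert.req" 2>/dev/null || return 1
    # The CA signs the request; the subscriber's private key is never an input.
    openssl x509 -req -in "$dir/cert.req" -days 30 -CAcreateserial \
        -CA "$dir/CA_public_cert.pem" -CAkey "$dir/ca_key.pem" \
        -out "$dir/new_cert.pem" 2>/dev/null || return 1
    # Bundle chain + key into a separate file, then export the keystore.
    cat "$dir/CA_public_cert.pem" "$dir/new_cert.pem" \
        "$dir/new_cert_private_key.pem" > "$dir/new_cert_bundle.pem" || return 1
    openssl pkcs12 -export -in "$dir/new_cert_bundle.pem" \
        -passout "pass:$pass" -out "$dir/new_cert.p12"
}

# Number of certificates stored in keystore $1 (password $2).
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# Succeeds when private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

if [ "$#" -eq 2 ]; then build_p12 "$1" "$2"; fi
```

Outside a demo, pass the keystore password with -passout file:... or env:... rather than pass:, which is visible in the process list, and remove the PEM bundle once the p12 has been written.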
