Open a terminal window and give yourselfsuperuser privileges (Michigan web site)
Open a terminal window and give yourselfsuperuser privileges with the su -command: $ su - Password: # 2.Move to the directory that contains the CAshell script: # cd /usr/share/ssl/misc3.Type in the following command: # openssl ca -policy policy_anything \ -in filename.csr \ -out filename.crtSubstitute the CSR name where you see filename.csrand the desired certificate namewhere you see filename.crt. For example, if youwant to sign the CSR for your own Apache Webserver, you would type this: # openssl ca -policy policy_anything \ -in /etc/httpd/conf/ssl.csr/server. csr\ -out /etc/httpd/conf/ssl.crt/server. crtNext, the opensslprogram asks for the pass- phrase that protects your CA s private key: Enter passphrase for ./dem… /cakey.pem: 4.Type in the password that you assigned whenyou created the CA and press Enter. openssldisplays the content of the CSR (inhuman-readable form) and asks if you want tosign the certificate. 5.Look over the content, and if the informationlooks correct, press Y and then Enter to sign it. 6.opensslasks if you want to commit yourchanges to the CA database: Press Y and thenEnter to finish. That s it! The new, signed certificate is saved in thefile that you specified. If you signed the certificatefor another user, e-mail the certificate to the recipi- ent. If you signed a certificate that you want to use inOn Mandrake and SuSE systems, use this com- mand instead: # ./CA.sh -newcaThe CA script now asks you a series of questions, most of which will be familiar by now. The firststep in creating the CA infrastructure is to createa new, self-signed certificate. You re promptedfor an existing CA certificate: CA certificate filename (or enter to create) 4.Just press Enter to create a new certificate. 5.Enter a passphrase that will protect your CA sprivate key: Making CA certificate … Generating a 1024 bit RSA private key……………..++++++ writing new private key to ./demoCA/private/./cakey.pem Enter PEM pass phrase: Verifying - Enter PEM pass phrase: 6.The CA script prompts you for the same bits ofinformation that you provide when creating aself-signed certificate or a certificate signingrequest. Answer each question in turn. After you ve answered the last question, the CA script creates a self-signed certificate in./demoCA/cacert.pem. Take a peek at this certificate with the following command: # openssl x509 -in demoCA/cacert.pem -textNotice that the issuer and the subject are identical that tells you that this is a self-signed certificate. Signing a CSRWhen you have a CA up and running, you can startto sign CSRs (converting them from requests intoactual certificates). To sign a CSR, follow these steps:
Looking for affordable and reliable webhost to host and run your business application? Then look no more and go to servlet web hosting services.