A 7.3. making a certificate request, A 7.4. signing a certificate request – SENA SS800 User Manual

134

Step 3. Check whether CA key file(demoCA/private/cakey.pem) and CA certificate

(demoCA/cacert.pem) is generated

# ls demoCA/

cacert.pem certs

crl index.txt

newcerts

private

serial

# ls demoCA/private

cakey.pem

A 7.3. Making A Certificate Request

To make new certificates, you should make a certificate request first.

# cd /work/openssl-0.9.7c/CA

Run following commands,

# openssl genrsa -out key.pem 1024

# openssl req -new -key key.pem -out req.pem

(It is assumed that you are using sample configuration file - “openssl.conf.sena” )

Using configuration from /usr/share/ssl/openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]: (Enter)
State or Province Name (full name) [Minnesota]: (Enter)
Locality Name (eg, city) [Minneapolis]: (Enter)
Organization Name (eg, company) [Digi International]: (Enter)
Organizational Unit Name (eg, section) []:(Enter)
Common Name (eg, your name or your server's hostname) []:Sena VTS
Email Address []:(Enter)

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:(Press Enter – Do not enter any other characters)
An optional company name []:(Press Enter – Do not enter any other characters)

A 7.4. Signing A Certificate Request

Step 1. Signing a certificate request

# cd /work/openssl-0.9.7c/CA

# cp req.pem newreq.pem

# sh /usr/local/ssl/misc/CA.sh –sign