# cd .../private
# openssl genrsa -out $HOSTNAME.pem 2048
# openssl req -new -sha256 -key $HOSTNAME.pem -out $HOSTNAME.req
# cat HOSTNAME.req



OpenSSL> genrsa -out cod.pem 1024
Generating RSA private key, 1024 bit long modulus
...........................++++++
..........................................++++++
e is 65537 (0x10001)

openssl req -new -key cod.pem -out cod.req


==== then, on the CA

./SSWCA -signreq req/stephenson.req

....

istari-[/corp/security/certs] mcr 1020 %./SSWCA -signreq req/stephenson.req
Using configuration from /corp/security/certs/openssl.cnf
Enter PEM pass phrase:
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
countryName           :PRINTABLE:'CA'
stateOrProvinceName   :PRINTABLE:'Ontario'
localityName          :PRINTABLE:'Hamilton'
organizationName      :PRINTABLE:'Sandelman Software Works Corporation'
organizationalUnitName:PRINTABLE:'IRC servers are us'
commonName            :PRINTABLE:'stephenson.sandelman.ca'
emailAddress          :IA5STRING:'stephenson.sandelman.ca'
Certificate is to be certified until Jun 29 21:32:09 2004 GMT (365 days)
Sign the certificate? [y/n]:y

Copy certificate to client.



======

(10:52:30) mcr: they create a certificate, and send that back to you.
(10:53:05) mcr: client# openssl genrsa -out oceania.pem 1024
(10:53:11) mcr: client# openssl req -new -key oceania.pem -out oceania.req
(10:53:22) mcr: send only oceania.req to CA.
(10:53:33) zacs: that's not how i remember it, but admittedly it's been a while and mcr knows more than i
(10:54:35) mcr: CA# openssl ca -config whatever.cnf -policy policy_anything
-out newcert.pem -days 365 -infiles oceania.req