# cd .../private # openssl genrsa -out $HOSTNAME.pem 2048 # openssl req -new -sha256 -key $HOSTNAME.pem -out $HOSTNAME.req # cat HOSTNAME.req OpenSSL> genrsa -out cod.pem 1024 Generating RSA private key, 1024 bit long modulus ...........................++++++ ..........................................++++++ e is 65537 (0x10001) openssl req -new -key cod.pem -out cod.req ==== then, on the CA ./SSWCA -signreq req/stephenson.req .... istari-[/corp/security/certs] mcr 1020 %./SSWCA -signreq req/stephenson.req Using configuration from /corp/security/certs/openssl.cnf Enter PEM pass phrase: Check that the request matches the signature Signature ok The Subjects Distinguished Name is as follows countryName :PRINTABLE:'CA' stateOrProvinceName :PRINTABLE:'Ontario' localityName :PRINTABLE:'Hamilton' organizationName :PRINTABLE:'Sandelman Software Works Corporation' organizationalUnitName:PRINTABLE:'IRC servers are us' commonName :PRINTABLE:'stephenson.sandelman.ca' emailAddress :IA5STRING:'stephenson.sandelman.ca' Certificate is to be certified until Jun 29 21:32:09 2004 GMT (365 days) Sign the certificate? [y/n]:y Copy certificate to client. ====== (10:52:30) mcr: they create a certificate, and send that back to you. (10:53:05) mcr: client# openssl genrsa -out oceania.pem 1024 (10:53:11) mcr: client# openssl req -new -key oceania.pem -out oceania.req (10:53:22) mcr: send only oceania.req to CA. (10:53:33) zacs: that's not how i remember it, but admittedly it's been a while and mcr knows more than i (10:54:35) mcr: CA# openssl ca -config whatever.cnf -policy policy_anything -out newcert.pem -days 365 -infiles oceania.req