[Pki-users] signing a certificate request using CLI

Fortunato fortunato.montresor at earthlink.net
Wed Apr 29 21:27:07 UTC 2009


Hello again. 

In advance, I apologize for the basic questions but I'm trying to follow along with the openssl examples.

Signing a CSR is relatively easy using openssl, so I'm wondering if there's a similar CLI command (with options) in DCS.

---

  # openssl ca -in /root/CA/cisco1.csr -extensions x509v3_extensions -out /root/CA/cisco1.pem -notext
  Using configuration from /root/CA/openssl.cnf
  Check that the request matches the signature
  Signature ok
  The Subject's Distinguished Name is as follows
  organizationName      :PRINTABLE:'Stargate Command Domain'
  commonName            :PRINTABLE:'cisco1.stargatecommand.mil'
  Certificate is to be certified until Apr 24 17:15:41 2010 GMT (365 days)
  Sign the certificate? [y/n]:y


  1 out of 1 certificate requests certified, commit? [y/n]y
  Write out database with 1 new entries
  Data Base Updated

---

The only thing similar I can find is CMCenroll, but it looks like it can't specify the signing cert as specified in OPENSSL_CONF.

I'm doing reading on the end-entity (EE) versus agent services. Automation is great but I'd like to cover the basics using the CLI. It is Linux BTW. :)





More information about the Pki-users mailing list