[Pki-users] signing a certificate request using CLI
Fortunato
fortunato.montresor at earthlink.net
Wed Apr 29 21:27:07 UTC 2009
Hello again.
In advance, I apologize for the basic questions but I'm trying to follow along with the openssl examples.
Signing a CSR is relatively easy using openssl, so I'm wondering if there's a similar CLI command (with options) in DCS.
---
# openssl ca -in /root/CA/cisco1.csr -extensions x509v3_extensions -out /root/CA/cisco1.pem -notext
Using configuration from /root/CA/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
organizationName :PRINTABLE:'Stargate Command Domain'
commonName :PRINTABLE:'cisco1.stargatecommand.mil'
Certificate is to be certified until Apr 24 17:15:41 2010 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
---
The only thing similar I can find is CMCenroll, but it looks like it can't specify the signing cert as specified in OPENSSL_CONF.
I'm doing reading on the end-entity (EE) versus agent services. Automation is great but I'd like to cover the basics using the CLI. It is Linux BTW. :)
More information about the Pki-users
mailing list