Create an “Intermediate CA” certificate

1. Generate a key file for the “Intermediate CA”

openssl genrsa -aes256 -out mid-ca/private/mid-ca.key 4096

2. Change the permissions of mid-ca.key

chmod 400 mid-ca/private/mid-ca.key

3. Generate a Certificate Signing Request (CSR)

openssl req -config ca/ca.conf -new -key mid-ca/private/mid-ca.key -sha256 -out mid-ca/csr/mid-ca.csr

4. Sign the request file with the Root-CA

openssl ca -config ca/ca.conf -extensions v3_mid_ca -days 3650 -notext -in mid-ca/csr/mid-ca.csr -out mid-ca/certs/mid-ca.crt

5. Change the permissions of mid-ca.crt

chmod 444 mid-ca/certs/mid-ca.crt

6. Check the backup file created in the newcerts directory

7. Verify the content

openssl x509 -noout -text -in mid-ca/certs/mid-ca.crt 

8. Check ca/index.txt
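
Steps 6 and 8 can be checked by script instead of by eye. The following is an added example, not part of the original page: it looks up the intermediate's entry in index.txt, requires status V, and confirms that the backup copy named after the serial exists and matches the issued certificate. The script name, the `ca/newcerts` location and the subject string in the usage line are assumptions.

```shell
#!/bin/sh
# Added example: audit the CA database after signing (steps 6 and 8).
# index.txt is tab-separated: status (V/R/E), expiry date, revocation date,
# serial (hex), file name, subject DN.
# Usage (hypothetical script name; newcerts path and subject text assumed):
#   sh check-issued.sh ca/index.txt ca/newcerts mid-ca/certs/mid-ca.crt "Intermediate CA"

# Print "<status> <serial>" for the last index entry whose subject contains $2.
index_lookup() {
    awk -F '\t' -v pat="$2" '
        index($6, pat) { s = $1; n = $4 }
        END { if (s == "") exit 1; print s, n }
    ' "$1"
}

# Return 0 only if the entry is valid and the backup copy matches the certificate.
# Return codes: 1 no entry, 2 not valid, 3 backup missing, 4 backup differs.
check_issued() {
    index=$1 newcerts=$2 cert=$3 subject=$4
    entry=$(index_lookup "$index" "$subject") || {
        echo "no index entry for subject containing '$subject'" >&2; return 1; }
    status=${entry% *}
    serial=${entry#* }
    [ "$status" = "V" ] || {
        echo "serial $serial has status $status, expected V" >&2; return 2; }
    [ -f "$newcerts/$serial.pem" ] || {
        echo "missing backup $newcerts/$serial.pem" >&2; return 3; }
    cmp -s "$newcerts/$serial.pem" "$cert" || {
        echo "backup $newcerts/$serial.pem differs from $cert" >&2; return 4; }
    echo "OK: serial $serial is valid and backed up"
}

if [ $# -eq 4 ]; then
    check_issued "$@"
fi
```

A status of R or E on the intermediate's entry means the Root-CA database records it as revoked or expired.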


See also:

OpenSSL - Initial Setup

OpenSSL (1) - Root CA

OpenSSL (2) - Intermediate CA

OpenSSL (3) - Server Certificate

OpenSSL (4) - Client Certificate

OpenSSL - Verify Certificate

OpenSSL - Revoke Certificate