- Generate a key file for “Intermediate CA”
openssl genrsa -aes256 -out mid-ca/private/mid-ca.key 4096
- Change the permission of mid-ca.key
chmod 400 mid-ca/private/mid-ca.key
- Generate a Certificate Signing Request (CSR)
openssl req -config ca/ca.conf -new -key mid-ca/private/mid-ca.key -sha256 -out mid-ca/csr/mid-ca.csr
- Sign the request file by Root-CA
openssl ca -config ca/ca.conf -extensions v3_mid_ca -days 3650 -notext -in mid-ca/csr/mid-ca.csr -out mid-ca/certs/mid-ca.crt
- Change the permission of mid-ca.crt
chmod 444 mid-ca/certs/mid-ca.crt
- Check a backup file created in newcerts dirctory
- Verify the content
openssl x509 -noout -text -in mid-ca/certs/mid-ca.crt
- CHECK ca/index.txt
