- Generate a key file for “Intermediate CA”
openssl genrsa -aes256 -out mid-ca/private/mid-ca.key 4096
chmod 400
- Generate a Certificate Signing Request (CSR)
openssl req -config ca/ca.conf -new -key mid-ca/private/mid-ca.key -sha256 -out mid-ca/csr/mid-ca.csr
- Sign the request file by Root-CA
openssl -config ca/ca.conf -extensions v3_mid_ca -days 3650 -notext -in mid-ca/csr/mid-ca.csr -out mid-ca/certs/mid-ca.crt
chmod 444
- Verify the content
openssl x509 -noout -text -in mid-ca/certs/mid-ca.crt
openssl veriry -CAfile ca/certs/ca.crt mid-ca/certs/mid-ca.crt
- CHECK ca/index.txt