The following sections describe the steps you must perform
to create a certificate chain. Before you create the chain, you
must have the following certificates:
Creating a Client/Server Certificate Signed with an Intermediate CA Certificate
After you create an intermediate CA certificate (described
in the previous section), create a client/server certificate as
follows:
1. Create a certificate signing request. (Select menu item 3 in the Certificate Tool Main Menu.)
2. Sign the certificate signing request with the intermediate CA certificate. (Select menu item 6 in the Certificate Tool Main Menu.)
Encrypting the private key
is not required for creating a client/server certificate. However,
if the key is encrypted, you can also use the certificate as an
intermediate CA certificate with which another certificate will
be signed.
Creating a Certificate Chain File
Some OpenSSL APIs require a certificate chain file. This file
contains certificates that form the certificate chain (from the
client/server certificate to the root CA certificate).
To create a certificate chain file, append the certificates
of intermediate CA(s) and the root CA to the client/server certificate.
The order in the file can be expressed as follows:
client/server cert >>> intermediate CA1 >>> intermediate CA2 >>> root CA
Enter the following command to create a certificate chain
file:
$ COPY CLIENT_CERT.PEM, INTER_CA1.PEM, INTER_CA2.PEM, -
_$ ROOT_CA.PEM CERT_CHAIN.PEM