Signing CSR which is in PKCS10 using Openssl tool in CentOS-7
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Signing CSR which is in PKCS10 using Openssl tool in CentOS-7
I have created my own CA in CentOS 7.
I need to sign digital certificates. I have signed SSL certs which working fine in CentOS webservers apache and nginx.
Now I need to sign a CSR which is in pkcs10 format generated from Oracle Wallet Manager for at Oracle 11 g Server. When export OWM csr to my CentOS CA, it is not being signed using openssl tool. it gives error private key not matched.
I don't get which arguments and options to use with openssl to sign pkcs10 csr. Need your help to get it done.
Please post the commands that you are using, and the verbatim text of the error-messages you are receiving.
Also, check the first few lines of each certificate file ... the first line is usually English descriptive text ... and show us a copy of, say, the first two lines of the file and tell us its total file-size in bytes.
Of course, do not post complete certificates, actual pass-phrases (if any), nor anything else that could be considered compromising. Just enough to let us see for ourselves, in detail, what you are actually trying to do.
Please post the commands that you are using, and the verbatim text of the error-messages you are receiving.
Also, check the first few lines of each certificate file ... the first line is usually English descriptive text ... and show us a copy of, say, the first two lines of the file and tell us its total file-size in bytes.
Of course, do not post complete certificates, actual pass-phrases (if any), nor anything else that could be considered compromising. Just enough to let us see for ourselves, in detail, what you are actually trying to do.
This is the command and outpu of it. openssl ca -config openssl.cnf -extensions usr_cert -days 375 -notext -md md5 -in owm.csr -out ca/intermediate/certs/owm.cert Using configuration from ca/intermediate/openssl.cnf
Enter pass phrase for intermediate.key.pem:
Check that the request matches the signature
Signature verification problems....
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.