-
Notifications
You must be signed in to change notification settings - Fork 137
Creating Self Signed CA Signing Certificate with PKI NSS
Endi S. Dewata edited this page Mar 24, 2021
·
3 revisions
To issue a certificate, prepare a certificate extension configuration in a file (e.g. /usr/share/pki/server/certs/ca_signing.conf):
basicConstraints = critical, CA:TRUE subjectKeyIdentifier = hash keyUsage = critical, digitalSignature, nonRepudiation, keyCertSign, cRLSign
To issue a self-signed certificate:
$ pki nss-cert-request \
--subject "CN=Certificate Authority" \
--ext /usr/share/pki/server/certs/ca_signing.conf \
--csr ca_signing.csr
$ pki nss-cert-issue \
--csr ca_signing.csr \
--ext /usr/share/pki/server/certs/ca_signing.conf \
--cert ca_signing.crt
Availability: PKI 10.9
|
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |