- Create the server's serial file:
$ echo 01 > MyServer.srl
- Create the server's Certificate Signing Request and private key:
$ openssl req -new -out MyServer.csr
Note: By default, openssl outputs the private key in the privkey.pem file.
- Remove the password from the private key:
$ openssl rsa -in privkey.pem -out MyServer.pem
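Note: The unprotected key is written to a new file, MyServer.pem. Because it is no longer protected by a password, restrict read access to that file.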
- Create the server's Certificate trusted by the Root Certificate Authority:
$ openssl x509 -in MyServer.csr -out MyServer.crt \
    -req -signkey MyServer.pem -CA MyCompanyCA.crt -CAkey MyCompanyCA.pem
Note: The purpose of the server's Certificate is to identify the server to any client that connects to it. Therefore, the subject of that server's certificate must match the hostname of the server as it is known on the network; otherwise the client will be suspicious about the server's identity and stop the communication. For instance, if the URL of the server is https://www.MyServer.com/cgi-bin/fglccgi.exe/ws/r/MyWebService, the subject must be www.MyServer.com.
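
One way to confirm both properties before deploying the certificate, as an added example that is not part of the original documentation: the script builds a throwaway CA and server certificate (constructed test data; the function names and file names are assumptions) and checks that the certificate chains to the CA and that its name matches the hostname clients will use. openssl's -checkhost looks at subjectAltName DNS entries first and falls back to the subject CN only when none are present.

```sh
#!/bin/sh
# Added example: verify a server certificate against its CA and its hostname.
# All keys and certificates here are throwaway test data built on the fly.

# make_demo_pki DIR HOST
# Build a demo root CA and a server certificate with CN=HOST inside DIR.
make_demo_pki() {
    dir=$1; host=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$dir/ca.pem" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/srv.pem" -out "$dir/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/srv.csr" -days 1 -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.pem" -CAcreateserial -out "$dir/srv.crt" 2>/dev/null
}

# check_server_cert CERT CAFILE HOST
# Prints a verdict; returns 0 = ok, 1 = not signed by CAFILE, 2 = name mismatch.
check_server_cert() {
    cert=$1; ca=$2; host=$3
    # Step 1: the certificate must chain to the CA the clients trust.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "untrusted"; return 1
    fi
    # Step 2: the certificate name must match the hostname in the URL.
    # -checkhost prints "does match" or "does NOT match"; its exit code
    # does not reflect the result, so the text is what gets tested.
    if openssl x509 -in "$cert" -noout -checkhost "$host" 2>&1 |
            grep -q "does match"; then
        echo "ok"
    else
        echo "name-mismatch"; return 2
    fi
}

# Demo run: one matching hostname, one that a client would reject.
demo=$(mktemp -d)
make_demo_pki "$demo" www.MyServer.com
check_server_cert "$demo/srv.crt" "$demo/ca.crt" www.MyServer.com || true
check_server_cert "$demo/srv.crt" "$demo/ca.crt" other.MyServer.com || true
rm -rf "$demo"
```

Against the files produced by the steps above, the call would be check_server_cert MyServer.crt MyCompanyCA.crt www.MyServer.com.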