Step 2: Create the server's certificate and private key
The server's certificate identifies the server as trusted by any client that connects to it.
- Create the server's serial file:
$ echo 01 > MyServer.srl
- Create the server's Certificate Signing Request and private key:
$ openssl req -new -out MyServer.csr
Note: By default, openssl outputs the private key in the privkey.pem file.
- Remove the password from the private key:
$ openssl rsa -in privkey.pem -out MyServer.pem
Note: The key is also renamed to MyServer.pem.
- Create the server's Certificate trusted by the Root Certificate Authority:
$ openssl x509 -in MyServer.csr -out MyServer.crt -req -signkey MyServer.pem -CA MyCompanyCA.crt -CAkey MyCompanyCA.pem
Note: The purpose of the server's Certificate is to identify the server to any client
that connects to it. Therefore, the subject of that server's certificate must match the host name
of the server as it is known on the network; otherwise the client will not trust the server's
identity and the communication is stopped. For instance, if the URL of the server is
https://www.MyServer.com/fastcgi/ws/r/MyWebService, the subject must be
www.MyServer.com.
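The following script is an added example, not part of the original procedure. It checks the three properties this step relies on: the key belongs to the certificate, the certificate verifies against the CA, and the certificate matches the host name in the service URL. The function names are assumptions, and `make_demo_pki` builds throwaway, constructed files (with its own key-generation options and `-CAcreateserial`) so the checks can run without the real MyCompanyCA files.

```shell
#!/bin/sh
# Added example. File names follow this page; the function names are assumptions.

# Build a throwaway CA and server certificate (constructed sample data).
make_demo_pki() (   # $1 = output directory, $2 = host name for the subject CN
    mkdir -p "$1" && cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout MyCompanyCA.pem -out MyCompanyCA.crt 2>/dev/null || exit 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout MyServer.pem -out MyServer.csr 2>/dev/null || exit 1
    openssl x509 -req -in MyServer.csr -days 1 -CA MyCompanyCA.crt \
        -CAkey MyCompanyCA.pem -CAcreateserial -out MyServer.crt 2>/dev/null
)

# The private key and the certificate must carry the same public key.
key_matches_cert() (   # $1 = certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# The certificate must verify against the Root Certificate Authority.
signed_by_ca() {   # $1 = CA certificate, $2 = server certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# The host part of the URL must match the name in the certificate.
cert_matches_url() (   # $1 = certificate, $2 = URL that clients use
    host=${2#*://}; host=${host%%/*}; host=${host%%:*}
    openssl x509 -in "$1" -noout -checkhost "$host" 2>&1 |
        grep -q "does match certificate"
)

# Run all three checks on the demo files and report the result.
run_demo() (
    dir=$(mktemp -d) || exit 1
    make_demo_pki "$dir" www.MyServer.com || exit 1
    key_matches_cert "$dir/MyServer.crt" "$dir/MyServer.pem" &&
    signed_by_ca "$dir/MyCompanyCA.crt" "$dir/MyServer.crt" &&
    cert_matches_url "$dir/MyServer.crt" \
        https://www.MyServer.com/fastcgi/ws/r/MyWebService
)
run_demo && echo "demo certificate passed all checks"
```

To check the real files, call the three check functions with MyServer.crt, MyServer.pem, MyCompanyCA.crt and the URL your clients use.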
In the next step, we create the server's certificate authority list: Step 3: Create the server's certificate authority list.