Step 2: Create the server's certificate and private key
The server's certificate identifies the server to any client that connects to it, allowing the client to trust the server.
- Create the server's serial file:
$ echo 01 > MyServer.srl
- Create the server's Certificate Signing Request and private key:
$ openssl req -new -out MyServer.csr
By default, openssl outputs the private key in the privkey.pem file.
- Remove the password from the private key:
$ openssl rsa -in privkey.pem -out MyServer.pem
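This command also writes the key under its new name, MyServer.pem. Because MyServer.pem is no longer password-protected, restrict read access to it to the account that runs the server.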
- Create the server's certificate trusted by the Root Certificate Authority:
$ openssl x509 -in MyServer.csr -out MyServer.crt -req -CA MyCompanyCA.crt -CAkey MyCompanyCA.pem -CAserial MyServer.srl
The purpose of the server's Certificate is to identify the server to any client that connects to it. Therefore, the subject of that server's certificate must match the host name of the server as it is known on the network; otherwise, the client will not trust the server's identity and the communication is stopped. For instance, if the URL of the server is https://www.MyServer.com/fastcgi/ws/r/MyWebService, the subject must be www.MyServer.com.
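The whole of Step 2 as an added, non-interactive example (not part of the original documentation), followed by the two checks a client effectively makes: that the certificate chains to the CA and that its subject matches the host in the URL. The throwaway CA and its subject, the `-subj`/`-nodes` options, the function names and the second URL are assumptions made so the script runs unattended.

```shell
#!/bin/sh
# Added example: throwaway CA and server key made non-interactively (-subj, -nodes).
# File names follow the page; the CA subject and the second URL are constructed.

# make_test_pki DIR HOST: build a test CA, then a server certificate for HOST.
make_test_pki() {
    dir=$1 host=$2
    openssl req -x509 -new -nodes -newkey rsa:2048 -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$dir/MyCompanyCA.pem" -out "$dir/MyCompanyCA.crt" 2>/dev/null || return 1
    echo 01 > "$dir/MyServer.srl"
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$host" \
        -keyout "$dir/MyServer.pem" -out "$dir/MyServer.csr" 2>/dev/null || return 1
    chmod 600 "$dir/MyServer.pem"     # the server key carries no password
    openssl x509 -req -days 1 -in "$dir/MyServer.csr" -out "$dir/MyServer.crt" \
        -CA "$dir/MyCompanyCA.crt" -CAkey "$dir/MyCompanyCA.pem" \
        -CAserial "$dir/MyServer.srl" 2>/dev/null
}

# check_server_cert CERT CA URL: succeed only if CERT chains to CA and
# its subject matches the host part of URL.
check_server_cert() {
    cert=$1 ca=$2 url=$3
    host=${url#*://}      # drop the scheme
    host=${host%%/*}      # drop the path
    host=${host%%:*}      # drop an explicit port (IPv6 literals not handled)
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
        grep -q "does match certificate"
}

# Demo: one URL that matches the certificate subject, one that does not.
tmp=$(mktemp -d)
make_test_pki "$tmp" www.MyServer.com
for url in https://www.MyServer.com/fastcgi/ws/r/MyWebService https://www.other.example/ws; do
    if check_server_cert "$tmp/MyServer.crt" "$tmp/MyCompanyCA.crt" "$url"; then
        echo "trusted:  $url"
    else
        echo "rejected: $url"
    fi
done
rm -rf "$tmp"
```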
The next step is Step 3: Create the server's certificate authority list.