-
Notifications
You must be signed in to change notification settings - Fork 138
Issuing KRA Storage Certificate with NSS
Endi S. Dewata edited this page Dec 4, 2020
·
3 revisions
This page describes the process to sign the KRA storage CSR and issue the certificate using NSS.
This page assumes an NSS database has been created as follows:
$ echo Secret.123 > password.txt $ openssl rand -out noise.bin 2048 $ mkdir nssdb $ certutil -N -d nssdb -f password.txt
It also assumes a CA signing certificate is present in the NSS database.
Sign the CSR with the CA signing certificate with the following commands:
$ CA_SKID=... $ OCSP=... $ echo -e "y\n\ny\ny\n${CA_SKID}\n\n\n\n2\n7\n${OCSP}\n\n\n\n" | \ certutil -C \ -d nssdb \ -f password.txt \ -m $RANDOM \ -a \ -i kra_storage.csr \ -o kra_storage.crt \ -c "ca_signing" \ -3 \ --extAIA \ --keyUsage critical,dataEncipherment,keyEncipherment,digitalSignature,nonRepudiation \ --extKeyUsage clientAuth
It will generate the KRA storage certificate in kra_storage.crt.
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |