Table of Contents / Create the Intermediate CA
-
Create the Intermediate private key
cd into the folder:
cd C:\Certificates\DoD\CA\IntermediateCreate the private key:
openssl genrsa -aes256 -out private/intermediate.key 4096Enter a strong password.
-
Create a signing request for the root CA to sign and issue your intermediate cert:
openssl req -config intermediateca.cnf -new -sha256 -key private/intermediate.key -out csr/intermediate.csr.pemMost of the options need to match the Root CA.
Common Name, however must be different than the Root CA. UseDoD Intermediate CAforCommon Name. -
Now to create the Intermediate CA public Key, you must sign it using the root CA.
-
cd into the Root CA folder:
cd .. -
Create the cert using the CSR:
openssl ca -config rootca.cnf -extensions v3_intermediate_ca -days 730 -notext -md sha256 -in Intermediate/csr/intermediate.csr.pem -out Intermediate/public/intermediate.cer
Note: You need to enter the Root CA's password here because the Root CA is signing the Intermediate CA.
Select
yto sign the certificate.Select
yto commit the certificate into the database.This will create the cert, and add the cert to the index, if its the first cert it will throw a minor error while adding it to the index and then create the index for you.
-
-
Verify the CERT:
cd back into the Intermediate directory:
cd IntermediateVerify the cert:
openssl x509 -noout -text -in public/intermediate.cer
Next: Create a Server Certificate
Table of Contents / Create the Intermediate CA