[root@centos6 tmp]# [root@centos6 tmp]# openssl genrsa -aes256 -passout pass:Passw0rd-ic@ -out TrustMe_ICA.key 2048 Generating RSA private key, 2048 bit long modulus .................+++ ........+++ e is 65537 (0x10001) [root@centos6 tmp]# [root@centos6 tmp]# ls -l total 12 -rw-r--r--. 1 root root 1766 Jul 31 02:12 TrustMe_ICA.key -rw-r--r--. 1 root root 1590 Jul 31 02:04 TrustMe_RCA.crt -rw-r--r--. 1 root root 1766 Jul 31 02:03 TrustMe_RCA.key [root@centos6 tmp]# [root@centos6 tmp]# openssl req -new -sha256 -key TrustMe_ICA.key -out TrustMe_ICA.csr Enter pass phrase for TrustMe_ICA.key: Passw0rd-ic@ You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:SG State or Province Name (full name) []: Locality Name (eg, city) [Default City]:Singapore Organization Name (eg, company) [Default Company Ltd]:TrustMe, Inc. Organizational Unit Name (eg, section) []:(c) 2014 TrustMe, Inc. - for authorized use only Common Name (eg, your name or your server's hostname) []:TrustMe Intermediate CA L1M Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: [root@centos6 tmp]# [root@centos6 tmp]# ls -l total 16 -rw-r--r--. 1 root root 1074 Jul 31 02:13 TrustMe_ICA.csr -rw-r--r--. 1 root root 1766 Jul 31 02:12 TrustMe_ICA.key -rw-r--r--. 1 root root 1590 Jul 31 02:04 TrustMe_RCA.crt -rw-r--r--. 1 root root 1766 Jul 31 02:03 TrustMe_RCA.key [root@centos6 tmp]# [root@centos6 tmp]# vi TrustMe_ICA.ext [root@centos6 tmp]# [root@centos6 tmp]# ls -l total 20 -rw-r--r--. 1 root root 1074 Jul 31 02:13 TrustMe_ICA.csr -rw-r--r--. 1 root root 457 Jul 31 02:15 TrustMe_ICA.ext -rw-r--r--. 1 root root 1766 Jul 31 02:12 TrustMe_ICA.key -rw-r--r--. 1 root root 1590 Jul 31 02:04 TrustMe_RCA.crt -rw-r--r--. 1 root root 1766 Jul 31 02:03 TrustMe_RCA.key [root@centos6 tmp]# [root@centos6 tmp]# cat TrustMe_ICA.ext # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer basicConstraints=CA:TRUE,pathlen:0 keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyCertSign, cRLSign extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection subjectAltName = @alt_names [alt_names] DNS.1 = TrustMe Intermediate CA L1-1M DNS.2 = TrustMe Intermediate CA L1-2M [root@centos6 tmp]# [root@centos6 tmp]# openssl x509 -req -in TrustMe_ICA.csr -CA TrustMe_RCA.crt -CAkey TrustMe_RCA.key -CAcreateserial -out TrustMe_ICA.crt -days 3650 -sha256 -extfile TrustMe_ICA.ext Signature ok subject=/C=SG/L=Singapore/O=TrustMe, Inc./OU=(c) 2014 TrustMe, Inc. - for authorized use only/CN=TrustMe Intermediate CA L1M Getting CA Private Key Enter pass phrase for TrustMe_RCA.key: Passw0rd-rc@ [root@centos6 tmp]# [root@centos6 tmp]# ls -l total 28 -rw-r--r--. 1 root root 1635 Jul 31 02:15 TrustMe_ICA.crt -rw-r--r--. 1 root root 1074 Jul 31 02:13 TrustMe_ICA.csr -rw-r--r--. 1 root root 457 Jul 31 02:15 TrustMe_ICA.ext -rw-r--r--. 1 root root 1766 Jul 31 02:12 TrustMe_ICA.key -rw-r--r--. 1 root root 1590 Jul 31 02:04 TrustMe_RCA.crt -rw-r--r--. 1 root root 1766 Jul 31 02:03 TrustMe_RCA.key -rw-r--r--. 1 root root 17 Jul 31 02:15 TrustMe_RCA.srl [root@centos6 tmp]# [root@centos6 tmp]# cat TrustMe_RCA.srl E8EBF5476C013809 [root@centos6 tmp]#