Signing the AE Services server CSR

Last Updated : Oct 24, 2019 |

About this task

By using the server where the CA certificate was created, sign the AE Services server CSR as follows:

Change directories to the certificates home directory, for example cd /certificates
Create a serial number for the certificate by using the following command:
```
tr -c -d 0-9 < /dev/urandom | head -c 10  > ./CA/serial
```
Sign the CSR by using the following command:
```
openssl ca -config openssl.cnf -days 730 -out myserver.crt -infiles myserver.req
```
The openssl.cnf file will be used to apply some configuration options. The signed public certificate will expire in 2 years. In order to change the expiration modify the option –days. The certificate will be saved in the file myserver.crt. The CSR is in the file myserver.req. You will be asked for the CA root key password to sign the CSR and confirmation to sign and commit the request.
View the contents of the newly signed public server certificate with the following command:
```
openssl x509 -in ./ myserver.crt -text –noout
```

Send Feedback