Follow these instructions to create a certificate signing request and then use the intermediate CA certificate and its key to sign the leaf certificate in the request.
-
Create a server-csr.conf: /src/main/resources/certs/server-csr.conf
-
Run the following command to create a certificate signing request with the new private key:
openssl req -new -config server-csr.conf -out server.csr \
-keyout server.key-
Create a new CA.conf configuration file as /src/main/resources/certs/CA.conf
-
Run the following command to sign the server certificate in the request with the intermediate CA certificate:
openssl ca -config CA.conf -days 365 -create_serial \
-in server.csr -out server.crt -extensions leaf_ext -notext- Link certificates together to have the certificate chain in one file:
cat server.crt CA/CA.pem >server.pem