Anchor
signing_ca_certificate signing_ca_certificate

Creating the Signing CA Certificate

The first step includes to create the signing-ca.key private key file and the signing-ca.crt self-signed certificate file for the Signing CA both in PEM format. This step is performed just once.

...

• Country Name: a 2 letter country code is expected as stated for example with https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
• State or Province Name: the name of a state is expected
• Locality Name:  the name of a city is expected
• Organization Name: arbitrary input is allowed
• Organizational Unit Name: arbitrary input is allowed
• Common Name: an arbitrary name can be chosen as the name of the Root CA
• Email Address: empty input is allowed

Anchor
server_certificate server_certificate

Creating a Signing Certificate

For a new signing certificate the steps include to create a private key and Certificate Signing Request (CSR). The resulting signing certificate will be signed by the Signing CA.

...

[ req ]
prompt             = no
distinguished_name = standard dn

[ standard dn ]
            commonName = signing
           countryName = DE
          localityName = Berlin
      organizationName = SOS
organizationalUnitName = IT
   stateOrProvinceName = Berlin

[ standard exts ]
keyUsage = critical, nonRepudiation, digitalSignature

# see x509v3_config for other extensions

Resources