Creating Self Signed CA Signing Certificate with PKI NSS - dogtagpki/pki GitHub Wiki
To issue a certificate, prepare a certificate extension configuration in a file (e.g. /usr/share/pki/server/certs/ca_signing.conf):
basicConstraints = critical, CA:TRUE subjectKeyIdentifier = hash keyUsage = critical, digitalSignature, nonRepudiation, keyCertSign, cRLSign
To issue a self-signed certificate:
$ pki nss-cert-request \ --subject "CN=Certificate Authority" \ --ext /usr/share/pki/server/certs/ca_signing.conf \ --csr ca_signing.csr $ pki nss-cert-issue \ --csr ca_signing.csr \ --ext /usr/share/pki/server/certs/ca_signing.conf \ --cert ca_signing.crt
Availability: PKI 10.9