Creating Self Signed CA Signing Certificate with PKI NSS - dogtagpki/pki GitHub Wiki
To issue a certificate, prepare a certificate extension configuration in a file (e.g. /usr/share/pki/server/certs/ca_signing.conf):
basicConstraints = critical, CA:TRUE
subjectKeyIdentifier = hash
keyUsage = critical, digitalSignature, nonRepudiation, keyCertSign, cRLSign
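To issue a self-signed certificate, generate a certificate signing request, then issue the certificate from it using the same extension configuration: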
$ pki nss-cert-request \
--subject "CN=Certificate Authority" \
--ext /usr/share/pki/server/certs/ca_signing.conf \
--csr ca_signing.csr
$ pki nss-cert-issue \
--csr ca_signing.csr \
--ext /usr/share/pki/server/certs/ca_signing.conf \
--cert ca_signing.crt
Availability: PKI 10.9
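
To confirm that the issued certificate carries the extensions requested in ca_signing.conf, its text dump can be audited. The script below is an added example, not part of the original wiki page or the PKI project's code. It assumes ca_signing.crt is PEM-encoded and that openssl is installed; the function names and the embedded sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the text dump of the issued CA certificate.
# Usage (assumes PEM): openssl x509 -in ca_signing.crt -noout -text | check_ca_cert_text

# Print "<critical|non-critical>|<value>" for one X509v3 extension read from stdin.
ext_value() {
    awk -v name="X509v3 $1:" '
        found { gsub(/^[ \t]+|[ \t]+$/, ""); print crit "|" $0; exit }
        index($0, name) { found = 1; crit = ($0 ~ /critical[ \t]*$/) ? "critical" : "non-critical" }'
}

# Return 0 only if the dump matches what ca_signing.conf asks for.
check_ca_cert_text() {
    dump=$(cat); rc=0
    issuer=$(printf '%s\n' "$dump" | sed -n 's/^ *Issuer: *//p' | head -n 1)
    subject=$(printf '%s\n' "$dump" | sed -n 's/^ *Subject: *//p' | head -n 1)
    # Name comparison only; it does not verify the signature.
    [ -n "$subject" ] && [ "$issuer" = "$subject" ] || { echo "FAIL: issuer != subject"; rc=1; }
    bc=$(printf '%s\n' "$dump" | ext_value "Basic Constraints")
    case "$bc" in "critical|CA:TRUE"*) ;; *) echo "FAIL: basicConstraints: $bc"; rc=1 ;; esac
    ku=$(printf '%s\n' "$dump" | ext_value "Key Usage")
    case "$ku" in "critical|"*) ;; *) echo "FAIL: keyUsage not critical"; rc=1 ;; esac
    for bit in "Digital Signature" "Non Repudiation" "Certificate Sign" "CRL Sign"; do
        case "$ku" in *"$bit"*) ;; *) echo "FAIL: keyUsage lacks $bit"; rc=1 ;; esac
    done
    printf '%s\n' "$dump" | grep -q "X509v3 Subject Key Identifier:" || { echo "FAIL: no subjectKeyIdentifier"; rc=1; }
    return "$rc"
}

# Constructed sample of openssl's text output (not taken from a real certificate).
sample_dump() {
    cat <<'EOF'
Certificate:
    Data:
        Issuer: CN = Certificate Authority
        Subject: CN = Certificate Authority
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
EOF
}

sample_dump | check_ca_cert_text && echo "OK: matches ca_signing.conf"
```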