HP OpenVMS Systems Documentation

Content starts here
HP Open Source Security for OpenVMS Volume 2: HP SSL for OpenVMS > Chapter 3 Using the Certificate Tool

Sign a Certificate Signing Request

  Table of Contents


Signing someone else's certificate signing request is the function of a certificate authority. When you send a signed certificate back, it can be used to start the server with the passphrase they have. Embedded in the certificate is your public key. It must match the public key you distribute to clients using your server.

To sign a certificate signing request, perform the following steps. The certificate is signed after you respond to the last question.

  1. Enter the required information to sign a certificate.

    NOTE: The inception time of a certificate is based on UTC (Coordinated Universal Time). Verify with your system administrator that your computer's UTC is set correctly.
    • CA Certificate File specification

      Use OpenVMS syntax (defaults to SSL$CRT:SERVER_CA.CRT).

    • CA Certificate Key File specification

      Use OpenVMS syntax (defaults to SSL$KEY:SERVER_CA.KEY).

    • Certificate Request File

      Use OpenVMS syntax (defaults to SSL$CRT:SERVER.CSR).

    • Signed Request File specification

      Use OpenVMS syntax (defaults to SSL$CRT:SIGNED.CRT).

    • Default Days

      The default number of days until the signed certificate expires.

    • PEM Passphrase

      This is a verification field only. You must use the same passphrase you used to create the certificate authority (option 5).

  2. View the details of the signed certificate (if you chose to display the certificate):

    • Version (SSL 3.0 protocol)

    • Serial number (Certificates issued by a CA have a serial number that is unique to the certificates issued by that CA.)

    • Signature algorithm

    • Issuer (your distinguished name)

    • Validity (inception and expiration dates)

    • Public key information