I think you might get better responses if you specified your minimum requirements, i.e. would you be satisfied with any solution that given a CA certificate and key can sign a client certificate or does it have to use openssl ca? (Not that I know any better answer offhand) – user786653 Oct 18 '11 at 15:41

Apr 10, 2015

Why does OpenSSL need the private key to revoke a

    openssl ca -revoke signed/0A.pem -config caconfig.cnf

What does this do which requires the CA's private key? Does it do anything except updating index.txt?

openssl ca -- sample minimal CA application

A file demoCA/serial would be created containing for example, 01 and the empty index file demoCA/index.txt.

Sign a certificate request:

    openssl ca -in req.pem -out newcert.pem

Sign a certificate request using CA extensions:

    openssl ca -in req.pem -extensions v3_ca -out newcert.pem

Generate a CRL:

    openssl ca -gencrl -out crl.pem

    openssl x509 -days 1095 -signkey private/cakey.pem \
        -CAserial serial \
        -set_serial 00 \
        -in careq.pem -req \
        -out cacert.pem

Convert a Certificate.

    openssl x509 -in cacert.pem \
        -out cacert.cer \
        -outform DER

Create a CA Serial File.

    echo -n '00' > serial

Add a CA to index.txt.

The index.txt is a tab separated file with the following columns:

The file newcerts/xx.pem will be created, and index.txt and serial will be updated. Your private key is in newreq.pem -PRIVATE KEY- and your certificate is in newcert.pem -CERTIFICATE-. A copy of newcert.pem is placed in newcerts/ with an adequate entry in index.txt so that a client can request this information via a web server to ensure the
