Signing the TippingPoint Advanced Threat Protection for Email Certificate

Signing the certificate is optional. Sign it if you do not want to distribute every certificate to each system and prefer to distribute only the CA certificate. For the CA to vouch for the TippingPoint Advanced Threat Protection for Email certificate, sign the TippingPoint Advanced Threat Protection for Email certificate request with the CA private key (/tmp/root_key.pem). Before doing this, set up the OpenSSL environment for the CA:

Procedure

  1. Update the OpenSSL configuration file /etc/pki/tls/openssl.cnf.
    Find the dir parameter in the [ CA_default ] section and change it to /etc/pki/CA:
    [ CA_default ]
    dir = /etc/pki/CA # Where everything is kept
  2. Create the empty index.txt file in the /etc/pki/CA directory:
    # touch /etc/pki/CA/index.txt
  3. Create the serial file with initial content in the /etc/pki/CA directory:
    # echo "01" > /etc/pki/CA/serial
  4. Sign the certificate:
    # openssl ca -days 365 -cert /tmp/root_req.pem -keyfile /tmp/root_key.pem -in /tmp/ddei_req.pem -out /tmp/ddei_cert.pem -outdir /tmp
    Using configuration from /etc/pki/tls/openssl.cnf
    Enter pass phrase for /tmp/root_key.pem:Trend
    Check that the request matches the signature
    Signature ok
    Certificate Details:
    Serial Number: 1 (0x1)
    Validity
    Not Before: Oct 22 09:35:52 2010 GMT
    Not After : Oct 22 09:35:52 2011 GMT
    Subject:
    countryName = DE
    stateOrProvinceName = Bavaria
    organizationName = Trend Micro
    organizationalUnitName = Global Training
    commonName = ddei.course.test
    X509v3 extensions:
    X509v3 Basic Constraints:
    CA:FALSE
    Netscape Comment:
    X509v3 Subject Key Identifier:
    82:15:B8:84:9C:40:8C:AB:33:EE:A4:BA:9C:2E:F6:7E:C0:DC:E8:1C
    X509v3 Authority Key Identifier:
    keyid:5B:B4:06:4D:8D:12:D0:B3:36:A7:6B:3A:FD:F2:C8:83:4A:DD:AA:BD
    Certificate is to be certified until Oct 22 09:35:52 2011 GMT (365 days)
    Sign the certificate? [y/n]:y
    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated
    #
    The /tmp/ddei_cert.pem file contains the TippingPoint Advanced Threat Protection for Email certificate signed by the CA. You need to distribute this file to all servers and clients communicating with TippingPoint Advanced Threat Protection for Email.
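
A check to run before distributing the signed certificate, given here as an added example (not part of the original procedure or the vendor's code): it confirms that the certificate validates with only the CA certificate as trust anchor and that it carries the public key from the request. The demo function signs the same way as step 4 but inside a temporary directory; its file names, subjects and minimal configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): check an "openssl ca" result before distributing it.

# verify_signed_cert CA_CERT SIGNED_CERT REQUEST
# Returns 0 only if SIGNED_CERT validates with CA_CERT as the sole trust anchor
# and carries the same public key as REQUEST.
verify_signed_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    cert_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    req_key=$(openssl req -in "$3" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$cert_key" ] && [ "$cert_key" = "$req_key" ]
}

# demo: throwaway CA, key and request in a temp directory (constructed data,
# hypothetical names), signed the same way as step 4, then checked.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/CA" && touch "$d/CA/index.txt" && echo "01" > "$d/CA/serial"
    cat > "$d/openssl.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $d/CA
database = \$dir/index.txt
serial = \$dir/serial
default_md = sha256
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
    openssl req -x509 -config "$d/openssl.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -days 2 -subj "/CN=Example Test CA" \
        -keyout "$d/root_key.pem" -out "$d/root_cert.pem" 2>/dev/null &&
    openssl req -config "$d/openssl.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=ddei.example.test" \
        -keyout "$d/ddei_key.pem" -out "$d/ddei_req.pem" 2>/dev/null &&
    openssl ca -batch -config "$d/openssl.cnf" -days 1 -outdir "$d" \
        -cert "$d/root_cert.pem" -keyfile "$d/root_key.pem" \
        -in "$d/ddei_req.pem" -out "$d/ddei_cert.pem" 2>/dev/null &&
    verify_signed_cert "$d/root_cert.pem" "$d/ddei_cert.pem" "$d/ddei_req.pem"
    rc=$?
    rm -rf "$d"
    return $rc
}
```

With the files from this procedure the call would be `verify_signed_cert /tmp/root_req.pem /tmp/ddei_cert.pem /tmp/ddei_req.pem`.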