Signing the Deep Discovery Email Inspector Certificate

Find the definition of the [ CA_default ]/ dir parameter and change it to /etc/pki/CA:

[ CA_default ]

dir = /etc/pki/CA # Where everything is kept

# touch /etc/pki/CA/index.txt

# echo "01" > /etc/pki/CA/serial

#openssl ca -days 365 -cert /tmp/root_req.pem -keyfile /tmp/root_key.pem -in /tmp/ddei_req.pem -out /tmp/ddei_cert.pem -outdir /tmp

Using configuration from /etc/pki/tls/openssl.cnf

Enter pass phrase for /tmp/root_key.pem:Trend

Check that the request matches the signature

Signature ok

Certificate Details:

Serial Number: 1 (0x1)

Validity

Not Before: Oct 22 09:35:52 2010 GMT

Not After : Oct 22 09:35:52 2011 GMT

Subject:

countryName = DE

stateOrProvinceName = Bavaria

organizationName = Trend Micro

organizationalUnitName = Global Training

commonName = ddei.course.test

X509v3 extensions:

X509v3 Basic Constraints:

CA:FALSE

Netscape Comment:

X509v3 Subject Key Identifier:

82:15:B8:84:9C:40:8C:AB:33:EE:A4:BA:9C:2E:F6:7E:C0:DC:E8:1C X509v3

Authority Key Identifier:

keyid:5B:B4:06:4D:8D:12:D0:B3:36:A7:6B:3A:FD:F2:C8:83:4A:DD:AA: BD

Certificate is to be certified until Oct 22 09:35:52 2011 GMT (365 days)

Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

#

The file contains the Deep Discovery Email Inspector certificate signed by the CA. You need to distribute this file to all servers and clients communicating with Deep Discovery Email Inspector.